CVE Alert: CVE-2025-10712 – n/a – 07FLYCMS

CVE-2025-10712

HIGH | No exploitation known

A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to build 20250831. The affected code is an unidentified part of the file /index.php/Login/login; manipulating the argument Username leads to SQL injection. The attack can be launched remotely. An exploit has been published and may be used. The product is distributed under several names. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3.1 (7.3)
Vendor
n/a, n/a, n/a
Product
07FLYCMS, 07FLY-CMS, 07FlyCRM
Versions
up to 20250831 (same build range for all three product names)
CWE
CWE-89, SQL Injection
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Published
2025-09-19T13:32:05.578Z
Updated
2025-09-19T13:32:05.578Z

AI Summary Analysis

Risk verdict

High risk with a publicly available exploit: remote, unauthenticated SQL injection via the Username parameter of the login page. The advisory lists no fixed version and the vendor did not respond, so containment and compensating controls are urgent.

Why this matters

An injectable login parameter lets an unauthenticated attacker run attacker-controlled SQL against the backend database. Depending on how the application uses the query result, that means bypassing the login, reading user and customer records, or altering them. With a public PoC, automated tooling can mass-scan for exposed instances and compromise many deployments at once, with direct impact on customer data and trust.

Most likely attack path

Threat actors send crafted requests to /index.php/Login/login with SQL syntax in the Username parameter. No authentication or user interaction is required; network reachability is sufficient. The CVSS vector rates the direct impact as low on confidentiality, integrity and availability with scope unchanged, meaning the damage is confined to the application's database rather than the underlying host. Whether it escalates to account takeover or bulk data exfiltration depends on how the injected query is used and on the privileges of the database account the application runs as.

Who is most exposed

Internet-facing installations of 07FLYCMS, 07FLY-CMS or 07FlyCRM at build 20250831 or earlier are most exposed: the login page is reachable by anyone and the injection needs no session. Default deployments whose login page is open to the internet and that have not been updated are the prime targets.

Detection ideas

  • Web-server or application logs show SQL syntax in the Username field of requests to /index.php/Login/login (single quotes, UNION SELECT, comment terminators such as -- or #, SLEEP/BENCHMARK).
  • Spikes in failed logins paired with unusual Username values, or 5xx responses from the login endpoint.
  • WAF/IDS signatures for SQLi firing on that endpoint.
  • Bursts of requests to /index.php/Login/login from many distinct source IPs (mass scanning).
  • Database error logs (syntax errors, unterminated strings) that line up in time with login requests.
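The detection ideas above, run over sample log lines as an added example (not from the advisory or the vendor). The log format is an assumption: the usual ip/ident/user/time/request/status/size fields followed by the form body in a trailing quoted field, as a reverse proxy or WAF configured to log request bodies might write it. The sample lines are constructed; the signature list is deliberately narrow to keep false positives low.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint and parameter named in the advisory; the parameter name is matched case-insensitively.
TARGET_PATH = "/index.php/Login/login"
TARGET_PARAM = "username"

# Signatures for common injection probes; labels are reported in this order.
SQLI_PATTERNS = [
    ("tautology", re.compile(r"'\s*or\s+\S+\s*=\s*\S+", re.I)),            # ' OR '1'='1
    ("union-select", re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I)),  # ' UNION SELECT ...
    ("time-based", re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor)\b", re.I)),
    ("comment-terminator", re.compile(r"(--|#|/\*)")),                     # cuts off the rest of the query
    ("stacked-query", re.compile(r";\s*(drop|update|insert|delete|select)\b", re.I)),
]

# Assumed log format (not from the page): combined-log style fields, then the request body
# in a trailing quoted field. Lines without a body (GET requests) simply lack that field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) \S+(?: "(?P<body>[^"]*)")?$'
)

# Constructed sample lines: one benign login, three probes, one unrelated page,
# and a benign name containing an apostrophe that must not be flagged.
SAMPLE_LOG = [
    '10.0.0.5 - - [19/Sep/2025:14:02:11 +0000] "POST /index.php/Login/login HTTP/1.1" 302 0 "Username=alice&Password=s3cret"',
    '198.51.100.7 - - [19/Sep/2025:14:05:40 +0000] "POST /index.php/Login/login HTTP/1.1" 200 1532 "Username=admin%27+OR+%271%27%3D%271&Password=x"',
    '203.0.113.9 - - [19/Sep/2025:14:05:41 +0000] "GET /index.php/Login/login?Username=x%27+UNION+SELECT+1%2C2%2C3--+&Password=x HTTP/1.1" 500 211',
    '203.0.113.9 - - [19/Sep/2025:14:05:47 +0000] "POST /index.php/Login/login HTTP/1.1" 200 1532 "Username=x%27+AND+SLEEP%285%29--+&Password=x"',
    '10.0.0.8 - - [19/Sep/2025:14:06:02 +0000] "GET /index.php/Home/index HTTP/1.1" 200 5120',
    '10.0.0.9 - - [19/Sep/2025:14:07:30 +0000] "POST /index.php/Login/login HTTP/1.1" 302 0 "Username=o%27brien&Password=pw"',
]


def parse_line(line):
    """Split one log line into its fields plus the merged query-string and body parameters."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    params = parse_qs(url.query, keep_blank_values=True)
    if rec["body"]:
        for key, values in parse_qs(rec["body"], keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    rec["params"] = params
    return rec


def username_values(rec):
    """All decoded values submitted for the Username parameter, whatever its letter case."""
    return [v for k, vals in rec["params"].items() if k.lower() == TARGET_PARAM for v in vals]


def classify(rec):
    """Signature labels matched in the Username values of a login request, plus a
    'server-error' marker when a flagged request also drew a 5xx from the login endpoint."""
    if rec is None or rec["path"] != TARGET_PATH:
        return []
    hits = []
    for value in username_values(rec):
        for label, pattern in SQLI_PATTERNS:
            if pattern.search(value) and label not in hits:
                hits.append(label)
    if hits and rec["status"].startswith("5"):
        hits.append("server-error")
    return hits


def scan(lines):
    """One finding per line whose Username value matches an injection signature."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        hits = classify(rec)
        if hits:
            findings.append({"ip": rec["ip"], "ts": rec["ts"],
                             "username": username_values(rec), "hits": hits})
    return findings


def distinct_sources(findings):
    """Distinct source IPs behind the findings; a rising count points at mass scanning."""
    return len({f["ip"] for f in findings})


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for f in found:
        print(f"{f['ts']} {f['ip']} Username={f['username']} -> {', '.join(f['hits'])}")
    print(f"{len(found)} suspicious login requests from {distinct_sources(found)} source IP(s)")
```

Feed real lines in the same shape through scan() and pivot the findings by source IP and time; the benign apostrophe case (o'brien) shows why matching on a bare quote alone is too noisy, and the 5xx marker is only attached to requests that already carry a signature.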

Mitigation and prioritisation

  • The advisory lists no fixed version and the vendor did not respond; apply a patch or newer build the moment one appears, and until then rely on the compensating controls below.
  • If you maintain the code: use prepared statements with bound parameters for the login query (and everywhere else), and run the application with a database account that has only the privileges it needs.
  • Deploy WAF/IPS rules for SQLi on the login inputs and rate-limit login attempts. MFA is still worth enabling, but it does not stop this bug: the injection happens in the query that runs before any password check.
  • Where feasible, take the login endpoint off the public internet: restrict it to a VPN or an IP allow-list at the reverse proxy.
  • If the CVE is added to CISA KEV or EPSS reaches 0.5 or above, treat it as priority 1; otherwise prioritise as high and track remediation through change management.
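What "parameterised queries" buys the login flow, as an added example rather than the product's own code (the advisory does not show the affected query, and this toy does not claim to reproduce it). Both variants share one login routine against an in-memory SQLite table with a constructed account; only the row lookup differs. The unsalted SHA-256 is a simplification to keep the block short.

```python
import hashlib
import hmac
import sqlite3


def pw_hash(password):
    """Unsalted SHA-256 only to keep the example short; a real login needs a salted, slow KDF."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_db():
    """In-memory users table with one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)")
    conn.execute("INSERT INTO users (username, pw_hash) VALUES (?, ?)",
                 ("admin", pw_hash("correct-horse")))
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """CWE-89: the Username value is spliced into the statement text."""
    sql = "SELECT id, pw_hash FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchone()


def lookup_safe(conn, username):
    """Bound parameter: the value travels separately from the SQL and is never parsed as SQL."""
    return conn.execute("SELECT id, pw_hash FROM users WHERE username = ?", (username,)).fetchone()


def login(conn, username, password, lookup):
    """Shared login flow; only the row lookup differs between the two variants."""
    row = lookup(conn, username)
    if row is None:
        return False
    return hmac.compare_digest(row[1], pw_hash(password))


def bypass_payload(chosen_password):
    """Username that makes the vulnerable query return a row carrying a hash the attacker
    chose, so the password check then passes with `chosen_password`. The trailing -- comments
    out the closing quote the application appends. Hashing the password first does not help."""
    return "x' UNION SELECT 0, '%s' -- " % pw_hash(chosen_password)


if __name__ == "__main__":
    conn = make_db()
    print("legit login, safe    :", login(conn, "admin", "correct-horse", lookup_safe))
    print("bypass, vulnerable   :", login(conn, bypass_payload("anything"), "anything", lookup_vulnerable))
    print("bypass, safe         :", login(conn, bypass_payload("anything"), "anything", lookup_safe))
    print("hash leak, vulnerable:", lookup_vulnerable(conn, "' OR 1=1 -- "))
    print("hash leak, safe      :", lookup_safe(conn, "' OR 1=1 -- "))
```

The tautology input leaks the admin row (and its hash) from the vulnerable lookup and returns nothing from the safe one, which is the data-exposure side of the CVSS rating; the UNION payload turns the same bug into a login bypass. In PHP the equivalent of lookup_safe is a PDO prepared statement with a bound value instead of string concatenation.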
