FlyCms is sunkaifei open source an application . A similar to Zhihu to Q&A based on the fully open source JAVA language development of social network building program . FlyCms cross-site request forgery vulnerability , the vulnerability stems from /system/admin/add_group_save location does not adequately verify whether the request is from a trusted user , an attacker can use this vulnerability to forge malicious requests to lure the victim to click to perform sensitive operations .