Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote malicious user to execute arbitrary code via the system/article/category_edit component.