Aerocms
by MegaTKC
CVEs (16)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-50944 | | High | 0.57 | 8.8 | 0.00 | | May 10, 2026 | Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with… |
| CVE-2022-38812 | | | 0.01 | — | 0.02 | | Aug 31, 2022 | AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter. |
| CVE-2023-29847 | | | 0.00 | — | 0.00 | | Apr 14, 2023 | AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2022-46137 | | | 0.00 | — | 0.01 | | Dec 16, 2022 | AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1. |
| CVE-2022-46058 | | | 0.00 | — | 0.00 | | Dec 13, 2022 | AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field. |
| CVE-2022-46061 | | | 0.00 | — | 0.00 | | Dec 13, 2022 | AeroCMS v0.0.1 is vulnerable to ClickJacking. |
| CVE-2022-46047 | | | 0.00 | — | 0.01 | | Dec 13, 2022 | AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter. |
| CVE-2022-45329 | | | 0.00 | — | 0.01 | | Nov 29, 2022 | AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information. |
| CVE-2022-45536 | | | 0.00 | — | 0.01 | | Nov 22, 2022 | AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admin\post_comments.php. This vulnerability allows attackers to access database information. |
| CVE-2022-45535 | | | 0.00 | — | 0.01 | | Nov 22, 2022 | AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database information. |
| CVE-2022-45331 | | | 0.00 | — | 0.01 | | Nov 22, 2022 | AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \post.php. This vulnerability allows attackers to access database information. |
| CVE-2022-45330 | | | 0.00 | — | 0.01 | | Nov 22, 2022 | AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \category.php. This vulnerability allows attackers to access database information. |
| CVE-2022-38305 | | | 0.00 | — | 0.01 | | Sep 13, 2022 | AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-27063 | | | 0.00 | — | 0.01 | | Apr 8, 2022 | AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field. |
| CVE-2022-27062 | | | 0.00 | — | 0.01 | | Apr 8, 2022 | AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field. |
| CVE-2022-27061 | | | 0.00 | — | 0.03 | | Apr 8, 2022 | AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |