CVE-2022-27061
Published 2022-04-08
Priority: P3 | 45 | high | 7.2 (CVSS 3.1)
AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
EPSS: 2.50% (82.7th percentile)
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aerocms_project | aerocms | — | — |
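CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |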
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/166659/AeroCMS-0.0.1-Shell-Upload.html
https://drive.google.com/file/d/1PdF7gTUt_QuU2ObS9YUVew6orHaho-QF/view?usp=sharing
https://github.com/D4rkP0w4r/AeroCMS-Unrestricted-File-Upload-POC