CVE-2022-38812
Published 2022-08-31
CVE-2022-38812: AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter.
Priority: P3 48
Severity: medium, 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 2.10% (79.4th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aerocms_project | aerocms | — | — |
No detection rules found.
Nuclei
AeroCMS 0.1.1 - SQL Injection
nuclei·CVSS 6.5
CVE-2022-38812 [MEDIUM] AeroCMS 0.1.1 - SQL Injection
AeroCMS 0.1.1 contains a SQL injection caused by unsanitized author parameter, letting attackers execute arbitrary SQL commands, exploit requires crafted author input.
Template:
```yaml
id: CVE-2022-38812
info:
  name: AeroCMS 0.1.1 - SQL Injection
  author: shivampand3y
  severity: medium
  description: |
    AeroCMS 0.1.1 contains a SQL injection caused by unsanitized author parameter, letting attackers execute arbitrary SQL commands, exploit requires crafted author input.
  impact: |
    Authenticated attackers can exploit SQL injection in the author parameter to extract sensitive database information including user credentials, content data, and application configuration from the AeroCMS database.
  remediation: |
    Update AeroCMS to a version newer than 0.1.1 that properly sanitiz
```
No writeups or analysis indexed.
https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/MegaTKC/2021/AeroCMS-v0.0.1-SQLi
https://www.nu11secur1ty.com/2022/08/aerocms-v001-sqli.html