Aerocms Project Aerocms vulnerabilities
19 known vulnerabilities affecting aerocms_project/aerocms.
Total CVEs: 19
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 8, MEDIUM 10
Vulnerabilities
CVE-2022-38812 | P3 | MEDIUM | CVSS 6.5 | CWE-89 | PoC | v0.1.1 | 2022-08-31
AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter.
nvd
CVE-2022-50895 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v0.0.1 | 2026-01-13
Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the system.
nvd
CVE-2022-38305 | P3 | HIGH | CVSS 8.8 | CWE-434 | v0.0.1 | 2022-09-13
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
nvd
CVE-2022-27061 | P3 | HIGH | CVSS 7.2 | CWE-434 | v0.0.1 | 2022-04-08
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
nvd
CVE-2022-45331 | P3 | HIGH | CVSS 7.5 | CWE-89 | v0.0.1 | 2022-11-22
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \post.php. This vulnerability allows attackers to access database information.
nvd
CVE-2022-45329 | P3 | HIGH | CVSS 7.5 | CWE-89 | v0.0.1 | 2022-11-29
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information.
nvd
CVE-2022-46135 | P3 | HIGH | CVSS 7.2 | CWE-434 | v0.0.1 | 2022-12-16
In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post, through which we can upload a webshell and control the web server.
nvd
CVE-2022-45330 | P3 | HIGH | CVSS 7.5 | CWE-89 | v0.0.1 | 2022-11-22
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \category.php. This vulnerability allows attackers to access database information.
nvd
CVE-2022-46137 | P3 | HIGH | CVSS 7.5 | CWE-22 | v0.0.1 | 2022-12-16
AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1.
nvd
CVE-2022-46051 | P3 | HIGH | CVSS 7.2 | CWE-89 | v0.0.1 | 2022-12-13
The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks.
nvd
CVE-2022-46047 | P4 | MEDIUM | CVSS 4.9 | CWE-89 | v0.0.1 | 2022-12-13
AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter.
nvd
CVE-2022-45535 | P4 | MEDIUM | CVSS 4.9 | CWE-89 | v0.0.1 | 2022-11-22
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database information.
nvd
CVE-2022-45529 | P4 | MEDIUM | CVSS 4.9 | CWE-89 | v0.0.1 | 2022-11-22
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php. This vulnerability allows attackers to access database information.
nvd
CVE-2022-45536 | P4 | MEDIUM | CVSS 4.9 | CWE-89 | v0.0.1 | 2022-11-22
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admin\post_comments.php. This vulnerability allows attackers to access database information.
nvd
CVE-2022-46059 | P4 | MEDIUM | CVSS 6.5 | CWE-352 | v0.0.1 | 2022-12-13
AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF).
nvd
CVE-2022-27063 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v0.0.1 | 2022-04-08
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.
nvd
CVE-2023-29847 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v0.0.1 | 2023-04-14
AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload.
nvd
CVE-2022-27062 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | v0.0.1 | 2022-04-08
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field.
nvd
CVE-2022-46058 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | v0.0.1 | 2022-12-13
AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.
nvd