Lucene search

China National Vulnerability DatabaseCNVD-2022-81495

HistoryNov 24, 2022 - 12:00 a.m.

AeroCMS SQL Injection Vulnerability

2022-11-2400:00:00

China National Vulnerability Database

www.cnvd.org.cn

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

JSON

AeroCMS is a content management system from AeroCMS, Inc. A security vulnerability exists in AeroCMS v0.0.1, which stems from the edit parameter of its admincategories.php component allowing an attacker to implement SQL injection resulting in access to database information. No detailed vulnerability details are currently available.

CPENameOperatorVersion
aerocms aerocms veq0.0.1

CPE	Name	Operator	Version
	aerocms aerocms v	eq	0.0.1

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

JSON

Related for CNVD-2022-81495