AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
7.2 CVSS
7.3 AI Score
0.048 EPSS
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field.
4.8 CVSS
5.2 AI Score
0.002 EPSS
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.
6.1 CVSS
5.9 AI Score
0.007 EPSS
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
8.8 CVSS
8.9 AI Score
0.001 EPSS
6.5 CVSS
6.9 AI Score
0.001 EPSS
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information.
7.5 CVSS
7.6 AI Score
0.002 EPSS
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \category.php. This vulnerability allows attackers to access database information.
7.5 CVSS
7.6 AI Score
0.002 EPSS
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \post.php. This vulnerability allows attackers to access database information.
7.5 CVSS
7.6 AI Score
0.002 EPSS
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php. This vulnerability allows attackers to access database information.
4.9 CVSS
5.4 AI Score
0.001 EPSS
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database information.
4.9 CVSS
5.4 AI Score
0.001 EPSS
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admin\post_comments.php. This vulnerability allows attackers to access database information.
4.9 CVSS
5.3 AI Score
0.001 EPSS
4.9 CVSS
5.7 AI Score
0.001 EPSS
The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks.
7.2 CVSS
7.3 AI Score
0.001 EPSS
AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.
4.8 CVSS
5 AI Score
0.001 EPSS
6.5 CVSS
6.4 AI Score
0.001 EPSS
6.1 CVSS
6.2 AI Score
0.001 EPSS
In AeroCMS v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post, through which we can upload a webshell and control the web server.
7.2 CVSS
7 AI Score
0.001 EPSS
AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1.
7.5 CVSS
7.3 AI Score
0.002 EPSS
AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload.
5.4 CVSS
5.4 AI Score
0.001 EPSS