AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted...
CVSS 5.4 | AI Score 5.5 | EPSS 0.001
In AeroCMS v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post, through which we can upload a webshell and control the web...
CVSS 7.2 | AI Score 7.1 | EPSS 0.001
AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS...
CVSS 7.5 | AI Score 7.3 | EPSS 0.002
CVSS 6.5 | AI Score 6.5 | EPSS 0.001
CVSS 6.1 | AI Score 6.2 | EPSS 0.001
The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection...
CVSS 7.2 | AI Score 7.3 | EPSS 0.001
CVSS 4.9 | AI Score 5.8 | EPSS 0.001
AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text...
CVSS 4.8 | AI Score 5 | EPSS 0.001
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database...
CVSS 7.5 | AI Score 7.7 | EPSS 0.002
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admin\post_comments.php. This vulnerability allows attackers to access database...
CVSS 4.9 | AI Score 5.5 | EPSS 0.001
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database...
CVSS 4.9 | AI Score 5.5 | EPSS 0.001
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \post.php. This vulnerability allows attackers to access database...
CVSS 7.5 | AI Score 7.7 | EPSS 0.002
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \category.php. This vulnerability allows attackers to access database...
CVSS 7.5 | AI Score 7.7 | EPSS 0.002
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php. This vulnerability allows attackers to access database...
CVSS 4.9 | AI Score 5.5 | EPSS 0.001
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP...
CVSS 8.8 | AI Score 8.9 | EPSS 0.001
CVSS 6.5 | AI Score 6.9 | EPSS 0.001
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text...
CVSS 4.8 | AI Score 5.2 | EPSS 0.002
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP...
CVSS 7.2 | AI Score 7.2 | EPSS 0.048
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text...
CVSS 6.1 | AI Score 5.9 | EPSS 0.007