Aerocms Security Vulnerabilities and Issues — Aerocms CVE List

Lucene search

Aerocms ProjectAerocms

7 matches found

CVE•added 2022/12/13 2:15 p.m.•74 views

CVE-2022-46058

AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.

4.8CVSS5AI score0.00127EPSS

CVE•added 2022/12/16 4:15 p.m.•55 views

CVE-2022-46137

AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1.

7.5CVSS7.3AI score0.00686EPSS

CVE•added 2022/12/13 2:15 p.m.•49 views

CVE-2022-46047

AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter.

4.9CVSS5.7AI score0.00069EPSS

CVE•added 2022/12/13 3:15 p.m.•49 views

CVE-2022-46059

AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF).

6.5CVSS6.4AI score0.00148EPSS

CVE•added 2022/12/13 4:15 p.m.•48 views

CVE-2022-46051

The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks.

7.2CVSS7.3AI score0.00083EPSS

CVE•added 2022/12/16 4:15 p.m.•48 views

CVE-2022-46135

In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server.

7.2CVSS7AI score0.00122EPSS

CVE•added 2022/12/13 2:15 p.m.•47 views

CVE-2022-46061

AeroCMS v0.0.1 is vulnerable to ClickJacking.

6.1CVSS6.2AI score0.00106EPSS