Aerocms Security Vulnerabilities and Issues — Aerocms CVE List

Lucene search

Aerocms ProjectAerocms

7 matches found

CVE•added 2022/04/08 9:15 a.m.•71 views

CVE-2022-27061

AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

7.2CVSS7.3AI score0.02922EPSS

CVE•added 2022/12/16 4:15 p.m.•55 views

CVE-2022-46137

AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1.

7.5CVSS7.3AI score0.00686EPSS

CVE•added 2022/11/22 9:15 p.m.•50 views

CVE-2022-45330

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \category.php. This vulnerability allows attackers to access database information.

7.5CVSS7.6AI score0.00066EPSS

CVE•added 2022/12/13 4:15 p.m.•48 views

CVE-2022-46051

The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks.

7.2CVSS7.3AI score0.00083EPSS

CVE•added 2022/12/16 4:15 p.m.•48 views

CVE-2022-46135

In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server.

7.2CVSS7AI score0.00122EPSS

CVE•added 2022/11/29 5:15 a.m.•47 views

CVE-2022-45329

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information.

7.5CVSS7.6AI score0.00053EPSS

CVE•added 2022/11/22 9:15 p.m.•44 views

CVE-2022-45331

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \post.php. This vulnerability allows attackers to access database information.

7.5CVSS7.6AI score0.00066EPSS