Shodan
Vulnerabilities
Vulnerable Software
Aerocms Project:  >> Aerocms  Security Vulnerabilities
CVE-2022-45535
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database information.
CVSS Score
4.9
EPSS Score
0.001
Published
2022-11-22
CVE-2022-45536
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admin\post_comments.php. This vulnerability allows attackers to access database information.
CVSS Score
4.9
EPSS Score
0.002
Published
2022-11-22
CVE-2022-45330
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \category.php. This vulnerability allows attackers to access database information.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-11-22
CVE-2022-45331
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \post.php. This vulnerability allows attackers to access database information.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-11-22
CVE-2022-38305
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-09-13
CVE-2022-38812
AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-08-31
CVE-2022-27061
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVSS Score
7.2
EPSS Score
0.029
Published
2022-04-08
CVE-2022-27062
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field.
CVSS Score
4.8
EPSS Score
0.006
Published
2022-04-08
CVE-2022-27063
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.
CVSS Score
6.1
EPSS Score
0.007
Published
2022-04-08


Products
Pricing
Contact Us

Shodan ® - All rights reserved