Shodan
Vulnerabilities
Vulnerable Software
Aerocms Project:  >> Aerocms  Security Vulnerabilities
CVE-2023-29847
AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-04-14
CVE-2022-46135
In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-12-16
CVE-2022-46137
AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1.
CVSS Score
7.5
EPSS Score
0.007
Published
2022-12-16
CVE-2022-46051
The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-12-13
CVE-2022-46059
AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF).
CVSS Score
6.5
EPSS Score
0.001
Published
2022-12-13
CVE-2022-46047
AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter.
CVSS Score
4.9
EPSS Score
0.001
Published
2022-12-13
CVE-2022-46058
AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.
CVSS Score
4.8
EPSS Score
0.001
Published
2022-12-13
CVE-2022-46061
AeroCMS v0.0.1 is vulnerable to ClickJacking.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-12-13
CVE-2022-45329
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-11-29
CVE-2022-45529
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php. This vulnerability allows attackers to access database information.
CVSS Score
4.9
EPSS Score
0.001
Published
2022-11-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved