Aerocms Project: >> Aerocms >> 0.0.1 Security Vulnerabilities
Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the system.
CVSS Score
8.8
EPSS Score
0.001
Published
2026-01-13
AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-04-14
In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-12-16
AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1.
CVSS Score
7.5
EPSS Score
0.015
Published
2022-12-16
The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-12-13
AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF).
CVSS Score
6.5
EPSS Score
0.001
Published
2022-12-13
AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter.
CVSS Score
4.9
EPSS Score
0.003
Published
2022-12-13
AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.
CVSS Score
4.8
EPSS Score
0.004
Published
2022-12-13
AeroCMS v0.0.1 is vulnerable to ClickJacking.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-12-13
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-11-29
Page 1