Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
aerocms vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-38305
AeroCMS v0.0.1 exists to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows malicious users to execute arbitrary code via a crafted PHP file.
Aerocms Project Aerocms 0.0.1
6.1
CVSSv3
CVE-2022-27063
AeroCMS v0.0.1 exists to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.
Aerocms Project Aerocms 0.0.1
7.5
CVSSv3
CVE-2022-45329
AeroCMS v0.0.1 exists to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows malicious users to access database information.
Aerocms Project Aerocms 0.0.1
7.5
CVSSv3
CVE-2022-45330
AeroCMS v0.0.1 exists to contain a SQL Injection vulnerability via the Category parameter at \category.php. This vulnerability allows malicious users to access database information.
Aerocms Project Aerocms 0.0.1
7.5
CVSSv3
CVE-2022-45331
AeroCMS v0.0.1 exists to contain a SQL Injection vulnerability via the p_id parameter at \post.php. This vulnerability allows malicious users to access database information.
Aerocms Project Aerocms 0.0.1
4.9
CVSSv3
CVE-2022-45529
AeroCMS v0.0.1 exists to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php. This vulnerability allows malicious users to access database information.
Aerocms Project Aerocms 0.0.1
4.9
CVSSv3
CVE-2022-45535
AeroCMS v0.0.1 exists to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows malicious users to access database information.
Aerocms Project Aerocms 0.0.1
4.9
CVSSv3
CVE-2022-45536
AeroCMS v0.0.1 exists to contain a SQL Injection vulnerability via the id parameter at \admin\post_comments.php. This vulnerability allows malicious users to access database information.
Aerocms Project Aerocms 0.0.1
6.5
CVSSv3
CVE-2022-38812
AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter.
Aerocms Project Aerocms 0.1.1
5.4
CVSSv3
CVE-2023-29847
AeroCMS v0.0.1 exists to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow malicious users to execute arbitrary web scripts or HTML via a crafted payload.
Aerocms Project Aerocms 0.0.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »