Vulnerabilities > Aerocms Project

DATE CVE VULNERABILITY TITLE RISK
2023-04-14 CVE-2023-29847 Cross-site Scripting vulnerability in Aerocms Project Aerocms 0.0.1
AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php.
network
low complexity
aerocms-project CWE-79
5.4
2022-12-16 CVE-2022-46135 Unrestricted Upload of File with Dangerous Type vulnerability in Aerocms Project Aerocms 0.0.1
In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post, through which we can upload a webshell and control the web server.
network
low complexity
aerocms-project CWE-434
7.2
2022-12-16 CVE-2022-46137 Path Traversal vulnerability in Aerocms Project Aerocms 0.0.1
AeroCMS v0.0.1 is vulnerable to Directory Traversal.
network
low complexity
aerocms-project CWE-22
7.5
2022-12-13 CVE-2022-46051 SQL Injection vulnerability in Aerocms Project Aerocms 0.0.1
The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks.
network
low complexity
aerocms-project CWE-89
7.2
2022-12-13 CVE-2022-46059 Cross-Site Request Forgery (CSRF) vulnerability in Aerocms Project Aerocms 0.0.1
AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF).
network
low complexity
aerocms-project CWE-352
6.5
2022-12-13 CVE-2022-46047 SQL Injection vulnerability in Aerocms Project Aerocms 0.0.1
AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter.
network
low complexity
aerocms-project CWE-89
4.9
2022-12-13 CVE-2022-46058 Cross-site Scripting vulnerability in Aerocms Project Aerocms 0.0.1
AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php.
network
low complexity
aerocms-project CWE-79
4.8
2022-12-13 CVE-2022-46061 Improper Restriction of Rendered UI Layers or Frames vulnerability in Aerocms Project Aerocms 0.0.1
AeroCMS v0.0.1 is vulnerable to ClickJacking.
network
low complexity
aerocms-project CWE-1021
6.1
2022-11-29 CVE-2022-45329 SQL Injection vulnerability in Aerocms Project Aerocms 0.0.1
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter.
network
low complexity
aerocms-project CWE-89
7.5
2022-11-22 CVE-2022-45330 SQL Injection vulnerability in Aerocms Project Aerocms 0.0.1
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \category.php.
network
low complexity
aerocms-project CWE-89
7.5