Vulnerabilities > Aerocms Project > Aerocms
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-04-14 | CVE-2023-29847 | Cross-site Scripting vulnerability in Aerocms Project Aerocms 0.0.1 | AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. | 5.4 |
2022-12-16 | CVE-2022-46135 | Unrestricted Upload of File with Dangerous Type vulnerability in Aerocms Project Aerocms 0.0.1 | In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post, through which we can upload a webshell and control the web server. | 7.2 |
2022-12-16 | CVE-2022-46137 | Path Traversal vulnerability in Aerocms Project Aerocms 0.0.1 | AeroCMS v0.0.1 is vulnerable to Directory Traversal. | 7.5 |
2022-12-13 | CVE-2022-46051 | SQL Injection vulnerability in Aerocms Project Aerocms 0.0.1 | The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks. | 7.2 |
2022-12-13 | CVE-2022-46059 | Cross-Site Request Forgery (CSRF) vulnerability in Aerocms Project Aerocms 0.0.1 | AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF). | 6.5 |
2022-12-13 | CVE-2022-46047 | SQL Injection vulnerability in Aerocms Project Aerocms 0.0.1 | AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter. | 4.9 |
2022-12-13 | CVE-2022-46058 | Cross-site Scripting vulnerability in Aerocms Project Aerocms 0.0.1 | AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php. | 4.8 |
2022-12-13 | CVE-2022-46061 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Aerocms Project Aerocms 0.0.1 | AeroCMS v0.0.1 is vulnerable to ClickJacking. | 6.1 |
2022-11-29 | CVE-2022-45329 | SQL Injection vulnerability in Aerocms Project Aerocms 0.0.1 | AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. | 7.5 |
2022-11-22 | CVE-2022-45330 | SQL Injection vulnerability in Aerocms Project Aerocms 0.0.1 | AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \category.php. | 7.5 |