Vulnerabilities > Aerocms Project

DATE CVE VULNERABILITY TITLE RISK
2022-11-22 CVE-2022-45331 SQL Injection vulnerability in Aerocms Project Aerocms 0.0.1
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \post.php.
network
low complexity
aerocms-project CWE-89
7.5
2022-11-22 CVE-2022-45529 SQL Injection vulnerability in Aerocms Project Aerocms 0.0.1
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php.
network
low complexity
aerocms-project CWE-89
4.9
2022-11-22 CVE-2022-45535 SQL Injection vulnerability in Aerocms Project Aerocms 0.0.1
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php.
network
low complexity
aerocms-project CWE-89
4.9
2022-11-22 CVE-2022-45536 SQL Injection vulnerability in Aerocms Project Aerocms 0.0.1
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admin\post_comments.php.
network
low complexity
aerocms-project CWE-89
4.9
2022-09-13 CVE-2022-38305 Unrestricted Upload of File with Dangerous Type vulnerability in Aerocms Project Aerocms 0.0.1
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php.
network
low complexity
aerocms-project CWE-434
8.8
2022-08-31 CVE-2022-38812 SQL Injection vulnerability in Aerocms Project Aerocms 0.1.1
AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter.
network
low complexity
aerocms-project CWE-89
6.5
2022-04-08 CVE-2022-27061 Unrestricted Upload of File with Dangerous Type vulnerability in Aerocms Project Aerocms 0.0.1
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel.
network
low complexity
aerocms-project CWE-434
7.2
2022-04-08 CVE-2022-27062 Cross-site Scripting vulnerability in Aerocms Project Aerocms 0.0.1
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php.
network
low complexity
aerocms-project CWE-79
4.8
2022-04-08 CVE-2022-27063 Cross-site Scripting vulnerability in Aerocms Project Aerocms 0.0.1
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php.
network
low complexity
aerocms-project CWE-79
6.1