Note: This project will be discontinued after December 13, 2021.

Product: Aerocms (Aerocms_project)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 19 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-11-22 | CVE-2022-45535 | AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database information. | Aerocms | 4.9 | ||
2022-11-29 | CVE-2022-45329 | AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information. | Aerocms | 7.5 | ||
2022-12-13 | CVE-2022-46047 | AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter. | Aerocms | 4.9 | ||
2022-12-13 | CVE-2022-46058 | AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field. | Aerocms | 4.8 | ||
2022-12-13 | CVE-2022-46061 | AeroCMS v0.0.1 is vulnerable to ClickJacking. | Aerocms | 6.1 | ||
2022-12-13 | CVE-2022-46059 | AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF). | Aerocms | 6.5 | ||
2022-12-13 | CVE-2022-46051 | The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks. | Aerocms | 7.2 | ||
2022-12-16 | CVE-2022-46135 | In AeroCMS v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post, through which we can upload a webshell and control the web server. | Aerocms | 7.2 | ||
2022-12-16 | CVE-2022-46137 | AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1. | Aerocms | 7.5 | ||