Show filters
63 Total Results
Displaying 31-40 of 63
Sort by:
Attacker Value
Unknown

CVE-2022-46137

Disclosure Date: December 16, 2022 (last updated February 24, 2025)
AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-46135

Disclosure Date: December 16, 2022 (last updated February 24, 2025)
In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-46051

Disclosure Date: December 13, 2022 (last updated February 24, 2025)
The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-46059

Disclosure Date: December 13, 2022 (last updated February 24, 2025)
AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF).
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-46061

Disclosure Date: December 13, 2022 (last updated February 24, 2025)
AeroCMS v0.0.1 is vulnerable to ClickJacking.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-46058

Disclosure Date: December 13, 2022 (last updated February 24, 2025)
AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-46047

Disclosure Date: December 13, 2022 (last updated February 24, 2025)
AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-45329

Disclosure Date: November 29, 2022 (last updated February 24, 2025)
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-45535

Disclosure Date: November 22, 2022 (last updated February 24, 2025)
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database information.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-45536

Disclosure Date: November 22, 2022 (last updated February 24, 2025)
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admin\post_comments.php. This vulnerability allows attackers to access database information.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
View More Topics  < Previous  Next >