Show filters
19 Total Results
Displaying 1-10 of 19
Sort by:
Attacker Value
Very High

CVE-2022-38812

Disclosure Date: August 31, 2022 (last updated October 08, 2023)
AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
1
1
Attacker Value
Unknown

CVE-2023-29847

Disclosure Date: April 14, 2023 (last updated October 08, 2023)
AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-46137

Disclosure Date: December 16, 2022 (last updated October 08, 2023)
AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-46135

Disclosure Date: December 16, 2022 (last updated October 08, 2023)
In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-46051

Disclosure Date: December 13, 2022 (last updated October 08, 2023)
The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-46059

Disclosure Date: December 13, 2022 (last updated October 08, 2023)
AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF).
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-46061

Disclosure Date: December 13, 2022 (last updated October 08, 2023)
AeroCMS v0.0.1 is vulnerable to ClickJacking.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-46058

Disclosure Date: December 13, 2022 (last updated October 08, 2023)
AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-46047

Disclosure Date: December 13, 2022 (last updated October 08, 2023)
AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-45329

Disclosure Date: November 29, 2022 (last updated October 08, 2023)
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
View More Topics  Next >