AeroCMS Project AeroCMS 0.0.1
Approved changes feed: RSS · Atom
cpe:2.3:a:aerocms_project:aerocms:0.0.1:*:*:*:*:*:*:*
part: a version: 0.0.1 update: *
| Vendor | Aerocms Project (74681269-313a-5498-8b4e-a1feaf4a2ce9) |
|---|---|
| Product | Aerocms (10c4b80c-d524-52b8-b5ed-9942e44d3af5) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-29847 |
vulnerable | 2026-06-08 06:02:40.717764 |
Details available
AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload.
Published: 2023-04-14T00:00:00.000Z
Updated: 2025-02-06T20:39:41.245Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-50895 |
vulnerable | 2026-06-08 05:52:03.665421 |
Aero CMS 0.0.1 - SQL Injection
CRITICAL (9.8)
Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the system.
Published: 2026-01-13T22:51:43.747Z
Updated: 2026-04-07T14:06:32.845Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-46137 |
vulnerable | 2026-06-08 05:50:37.722285 |
Details available
AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1.
Published: 2022-12-16T00:00:00.000Z
Updated: 2025-04-17T17:35:30.997Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-46135 |
vulnerable | 2026-06-08 05:50:37.721701 |
Details available
In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server.
Published: 2022-12-16T00:00:00.000Z
Updated: 2025-04-17T17:36:20.855Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-46061 |
vulnerable | 2026-06-08 05:50:37.678923 |
Details available
AeroCMS v0.0.1 is vulnerable to ClickJacking.
Published: 2022-12-13T00:00:00.000Z
Updated: 2025-04-22T03:08:29.708Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-46059 |
vulnerable | 2026-06-08 05:50:37.678512 |
Details available
AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF).
Published: 2022-12-13T00:00:00.000Z
Updated: 2025-04-22T14:41:40.154Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-46058 |
vulnerable | 2026-06-08 05:50:37.677984 |
Details available
AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.
Published: 2022-12-13T00:00:00.000Z
Updated: 2025-04-22T14:45:15.154Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-46051 |
vulnerable | 2026-06-08 05:50:37.677483 |
Details available
The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks.
Published: 2022-12-13T00:00:00.000Z
Updated: 2025-04-22T14:49:38.547Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-46047 |
vulnerable | 2026-06-08 05:50:37.676968 |
Details available
AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter.
Published: 2022-12-13T00:00:00.000Z
Updated: 2025-04-22T14:55:18.647Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-45536 |
vulnerable | 2026-06-08 05:50:36.490125 |
Details available
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admin\post_comments.php. This vulnerability allows attackers to access database information.
Published: 2022-11-22T00:00:00.000Z
Updated: 2025-04-29T16:24:04.230Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-45535 |
vulnerable | 2026-06-08 05:50:36.489587 |
Details available
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database information.
Published: 2022-11-22T00:00:00.000Z
Updated: 2025-04-25T20:59:07.895Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-45529 |
vulnerable | 2026-06-08 05:50:36.489122 |
Details available
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php. This vulnerability allows attackers to access database information.
Published: 2022-11-22T00:00:00.000Z
Updated: 2025-04-25T21:02:24.173Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-45331 |
vulnerable | 2026-06-08 05:50:36.054433 |
Details available
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \post.php. This vulnerability allows attackers to access database information.
Published: 2022-11-22T00:00:00.000Z
Updated: 2025-04-25T21:04:14.116Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-45330 |
vulnerable | 2026-06-08 05:50:36.053846 |
Details available
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \category.php. This vulnerability allows attackers to access database information.
Published: 2022-11-22T00:00:00.000Z
Updated: 2025-04-25T21:05:38.895Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-45329 |
vulnerable | 2026-06-08 05:50:36.053282 |
Details available
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information.
Published: 2022-11-29T00:00:00.000Z
Updated: 2025-04-25T15:29:43.588Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-38305 |
vulnerable | 2026-06-08 05:47:16.108699 |
Details available
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
Published: 2022-09-13T22:36:09.000Z
Updated: 2024-08-03T10:54:02.327Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-27063 |
vulnerable | 2026-06-08 05:41:54.800939 |
Details available
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.
Published: 2022-04-08T08:23:35.000Z
Updated: 2024-08-03T05:18:39.422Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-27062 |
vulnerable | 2026-06-08 05:41:54.800606 |
Details available
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field.
Published: 2022-04-08T08:23:34.000Z
Updated: 2024-08-03T05:18:39.209Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-27061 |
vulnerable | 2026-06-08 05:41:54.800063 |
Details available
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
Published: 2022-04-08T08:23:33.000Z
Updated: 2024-08-03T05:18:39.204Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.