RSS   Vulnerabilities for 'Aerocms'   RSS

2022-04-08
 
CVE-2022-27061

CWE-434
 

 
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

 
 
CVE-2022-27062

CWE-79
 

 
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field.

 
 
CVE-2022-27063

CWE-79
 

 
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.

 


Copyright 2023, cxsecurity.com

 

Back to Top