PT-2026-2371 · Aerocms · Aerocms
Nu11Secur1Ty
·
Publicado
2026-01-13
·
Atualizado
2026-03-02
·
CVE-2022-50895
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Aero CMS version 0.0.1
Description
Aero CMS version 0.0.1 has a SQL injection issue in the
author parameter. This allows manipulation of database queries using boolean-based, error-based, time-based, and UNION query techniques. Successful exploitation could lead to the extraction of sensitive database information and potential system compromise.Recommendations
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the
author parameter to prevent SQL injection attacks.Exploit
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Aerocms