CVE-2022-46051

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions AeroCMS version 0.0.1

Description The issue concerns the approve parameter in the AeroCMS CMS system, which is susceptible to SQL injection attacks. This allows attackers to potentially execute malicious SQL code.

Recommendations For AeroCMS version 0.0.1, as a temporary workaround, consider restricting access to the approve parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2022-46051

Affected Products

Aerocms

CVE-2022-46051

Weakness Enumeration

Related Identifiers

Affected Products

References · 4