CVE-2022-46135

Name of the Vulnerable Software and Affected Versions AeroCms version 0.0.1

Description The issue is related to an arbitrary file upload vulnerability. This vulnerability is located at the "/admin/posts.php?source=edit post" API endpoint, which allows uploading a webshell and potentially controlling the web server.

Recommendations For AeroCms version 0.0.1, as a temporary workaround, consider disabling the upload functionality at the "/admin/posts.php?source=edit post" endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.