CVE-2022-50895

Name of the Vulnerable Software and Affected Versions Aero CMS version 0.0.1

Description Aero CMS version 0.0.1 has a SQL injection issue in the author parameter. This allows manipulation of database queries using boolean-based, error-based, time-based, and UNION query techniques. Successful exploitation could lead to the extraction of sensitive database information and potential system compromise.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the author parameter to prevent SQL injection attacks.