CVE-2022-27061

Published April 8th, 2022

View on NVD ↗

CVSS v3

7.2

HIGH

CVSS v2

6.5

MEDIUM

Affected

PROJECT

Description

AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

D4rkP0w4r/AeroCMS-Unrestricted-File-Upload-POCUNAVAILABLE

GitHub