MegaTKC/AeroCMS

GitHub

github.com

Unavailable

This project is no longer available (or publicly accessible) from GitHub

Releases1

Frequency

Last Release over 4 years ago

Stars24

Aero is a simple and easy to use CMS (Content Management System) designed to create fast and powerful web applications!

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-50944 ↗	May 10, 2026Sunday, 10 May 2026, 13:16	8.8 HIGH	—
Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=add_post parameter, and the uploaded files are executed by the server.
CVE-2023-29847 ↗	Apr 14, 2023Friday, 14 April 2023, 14:15	5.4 MEDIUM	—
AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2022-46135 ↗	Dec 16, 2022Friday, 16 December 2022, 16:15	7.2 HIGH	—
In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server.
CVE-2022-46137 ↗	Dec 16, 2022Friday, 16 December 2022, 16:15	7.5 HIGH	—
AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1.
CVE-2022-38305 ↗	Sep 13, 2022Tuesday, 13 September 2022, 23:15	8.8 HIGH	—
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.