aerocms_project CVE Vulnerabilities & Metrics

Focus on aerocms_project vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About aerocms_project Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with aerocms_project. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total aerocms_project CVEs: 19
Earliest CVE date: 08 Apr 2022, 09:15 UTC
Latest CVE date: 14 Apr 2023, 14:15 UTC

Latest CVE reference: CVE-2023-29847

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical aerocms_project CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.75

Max CVSS: 6.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	17
4.0-6.9	2
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS aerocms_project CVEs

These are the five CVEs with the highest CVSS scores for aerocms_project, sorted by severity first and recency.

CVE-2022-27061 aerocms_project Published on 08 Apr 2022, 09:15 UTC (CVSS: 6.5)
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-27063 aerocms_project Published on 08 Apr 2022, 09:15 UTC (CVSS: 4.3)
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.
CVE-2022-27062 aerocms_project Published on 08 Apr 2022, 09:15 UTC (CVSS: 3.5)
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field.
CVE-2023-29847 aerocms_project Published on 14 Apr 2023, 14:15 UTC (CVSS: 0)
AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2022-46137 aerocms_project Published on 16 Dec 2022, 16:15 UTC (CVSS: 0)
AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1.

All CVEs for aerocms_project

CVE-2023-29847 aerocms_project vulnerability CVSS: 0 14 Apr 2023, 14:15 UTC

AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE-2022-46137 aerocms_project vulnerability CVSS: 0 16 Dec 2022, 16:15 UTC

AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1.

CVE-2022-46135 aerocms_project vulnerability CVSS: 0 16 Dec 2022, 16:15 UTC

In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server.

CVE-2022-46051 aerocms_project vulnerability CVSS: 0 13 Dec 2022, 16:15 UTC

The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks.

CVE-2022-46059 aerocms_project vulnerability CVSS: 0 13 Dec 2022, 15:15 UTC

AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF).

CVE-2022-46061 aerocms_project vulnerability CVSS: 0 13 Dec 2022, 14:15 UTC

AeroCMS v0.0.1 is vulnerable to ClickJacking.

CVE-2022-46058 aerocms_project vulnerability CVSS: 0 13 Dec 2022, 14:15 UTC

AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.

CVE-2022-46047 aerocms_project vulnerability CVSS: 0 13 Dec 2022, 14:15 UTC

AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter.

CVE-2022-45329 aerocms_project vulnerability CVSS: 0 29 Nov 2022, 05:15 UTC

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information.

CVE-2022-45536 aerocms_project vulnerability CVSS: 0 22 Nov 2022, 21:15 UTC

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admin\post_comments.php. This vulnerability allows attackers to access database information.

CVE-2022-45535 aerocms_project vulnerability CVSS: 0 22 Nov 2022, 21:15 UTC

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database information.

CVE-2022-45529 aerocms_project vulnerability CVSS: 0 22 Nov 2022, 21:15 UTC

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php. This vulnerability allows attackers to access database information.

CVE-2022-45331 aerocms_project vulnerability CVSS: 0 22 Nov 2022, 21:15 UTC

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \post.php. This vulnerability allows attackers to access database information.

CVE-2022-45330 aerocms_project vulnerability CVSS: 0 22 Nov 2022, 21:15 UTC

AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \category.php. This vulnerability allows attackers to access database information.

CVE-2022-38305 aerocms_project vulnerability CVSS: 0 13 Sep 2022, 23:15 UTC

AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

CVE-2022-38812 aerocms_project vulnerability CVSS: 0 31 Aug 2022, 18:15 UTC

AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter.

CVE-2022-27063 aerocms_project vulnerability CVSS: 4.3 08 Apr 2022, 09:15 UTC

AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field.

CVE-2022-27062 aerocms_project vulnerability CVSS: 3.5 08 Apr 2022, 09:15 UTC

AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field.

CVE-2022-27061 aerocms_project vulnerability CVSS: 6.5 08 Apr 2022, 09:15 UTC

AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.