AeroCMS
AeroCMS copied to clipboard
MegaTKC
Aero is a simple and easy to use CMS (Content Management System) designed to create fast and powerful web applications!
POST /search.php HTTP/1.1 Host: 192.168.243.133 Content-Length: 19 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Origin: http://192.168.243.133/ Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.120 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9...
**Description:** I found Stored Cross site scripting (XSS) vulnerability in your AeroCMS (v0.0.1) post comments section "Author" and "Content" field. When I use malicious code or use any xss payload...
**Description:** I found Cross site scripting (XSS) vulnerability in your AeroCMS (v0.0.1) post.php page "p_id" parameter. When I use malicious code or use any XSS payload then the browser give...
AeroCMS v0.0.1 was found to contain a SQL injection vulnerability via the 'p_id' parameter in post.php. The vulnerability allows an attacker to gain database administrator privileges and access database information...
Vulnerability Details: AeroCMS v0.0.1 found that it is possible to include sql injection through the search parameter in the search.php file. This vulnerability allows an attacker to gain database administrator...
- Description *** AeroCMS v0.0.1 was discovered to contain a Directory traversal vulnerability. The vulnerability is due to the failure to normalize the url. This vulnerability allows an attacker to...
- Description *** AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the "author" parameter at \author_posts.php. This vulnerability allows attackers does not require authentication to obtain database...
- Description *** In AeroCms v0.0.1, an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server. - Step to Reproduct ***...
I was drawn to this source code after reading a quick write-up, by [nu11secur1ty] earlier today about the "`author` parameter from the AeroCMS-v0.0.1" being vuln to SQLi. It seems there...
Hello I want to report an arbitrary file upload vulnerability that I found in AeroCms v0.0.1, through which we can upload webshell and control the web server. ## Step to...
