CVE-2022-50895 — CRITICAL (9.8)

Vulnerability Description

Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the system.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Aerocms Project	Aerocms	0.0.1

Related Weaknesses (CWE)

CWE-89

References

https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/MegaTKC/2021/Exploit
https://web.archive.org/web/20211008092238/https://github.com/MegaTKC/AeroCMSExploit
https://www.exploit-db.com/exploits/51022ExploitVDB Entry
https://www.vulncheck.com/advisories/aero-cms-sql-injectionThird Party Advisory

FAQ

What is CVE-2022-50895?

CVE-2022-50895 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UN...

How severe is CVE-2022-50895?

CVE-2022-50895 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-50895?

Check the references section above for vendor advisories and patch information. Affected products include: Aerocms Project Aerocms.