CVE-2022-50944: Aero CMS allows attackers to run malicious code

Summary

Aero CMS 0.0.1 has a security flaw that lets an authenticated attacker run their own PHP code on the server by uploading a file through the image parameter. This could lead to unauthorized changes or data theft. To fix this, update Aero CMS to the latest version or use a secure alternative.

Original title
Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can ...
Original description
Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=add_post parameter, and the uploaded files are executed by the server.
NVD CVSS 3.1: 8.8
NVD CVSS 4.0: 8.7
Vulnerability type
CWE-94 Code Injection
Published: 10 May 2026 · Updated: 28 May 2026 · First seen: 10 May 2026