Aero CMS SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in Aero CMS version 0.0.1, specifically in the 'author' parameter. This vulnerability allows attackers to manipulate database queries and extract sensitive information. Exploitation techniques include boolean-based, error-based, time-based, and UNION query injections, which could potentially lead to a complete database compromise.

Impact

Exploitation of this vulnerability allows for arbitrary SQL query execution, leading to unauthorized data access, data manipulation, and potential full database compromise.

Reproduction

To reproduce this vulnerability, send a GET request in which the 'author' parameter carries a crafted SQL payload. The injection can be verified with payloads that use boolean-based blind, error-based, time-based blind, or UNION query injection techniques. Successful exploitation is demonstrated by extracting database information or by executing database commands whose effect shows that the injected SQL ran.
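The root cause described above, a request value placed directly into SQL text, is shown here next to its parameterized fix, as an added example that is not Aero CMS code. It uses Python and an in-memory SQLite database as a stand-in; the posts table, its columns, the sample rows and all function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for a CMS posts table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, author TEXT, title TEXT)")
    db.executemany(
        "INSERT INTO posts (author, title) VALUES (?, ?)",
        [("alice", "Hello"), ("O'Brien", "Notes"), ("alice", "Update")],
    )
    return db

def posts_by_author_unsafe(db, author):
    # Vulnerable pattern: the request value becomes part of the SQL text,
    # so any quote character in it is parsed as SQL syntax.
    sql = "SELECT title FROM posts WHERE author = '" + author + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def posts_by_author_safe(db, author):
    # Hardened pattern: validate the input, then bind it as a parameter.
    # The driver sends the value separately from the statement, so it is
    # always treated as data, whatever characters it contains.
    if not isinstance(author, str) or not 0 < len(author) <= 64:
        raise ValueError("author must be a string of 1 to 64 characters")
    sql = "SELECT title FROM posts WHERE author = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (author,))]

def quote_is_parsed_as_sql(lookup, db):
    """Regression check: a legitimate name containing an apostrophe must
    round-trip. A database error or a wrong result means the lookup lets
    input reach the SQL parser, which is the injectable condition."""
    try:
        return lookup(db, "O'Brien") != ["Notes"]
    except sqlite3.Error:
        return True

if __name__ == "__main__":
    db = make_db()
    print("unsafe lookup injectable:", quote_is_parsed_as_sql(posts_by_author_unsafe, db))
    print("safe lookup injectable:  ", quote_is_parsed_as_sql(posts_by_author_safe, db))
```

The apostrophe check can be kept as a regression test for every query that takes the 'author' value, since it fails on concatenated queries without needing any attack payload.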

Added: Jan 13, 2026, 11:23 PM
Updated: Jan 13, 2026, 11:23 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 2.5
exploitability: 9.7
remediation: 0.0
relevance: 2.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.