LeakyCreds

CVE-2022-50944 - Vulnerability Analysis

High
CVSS: 8.8

Last Updated: May 10, 2026

Aero CMS - Command Injection

Published: May 10, 2026
Updated: May 10, 2026
Remote Exploitable

Overview

Aero CMS 0.0.1 contains a command injection vulnerability: malicious PHP files can be uploaded through the image parameter in admin posts.php with source=add_post, letting authenticated attackers execute arbitrary PHP code.

Severity & Score

Severity: High
CVSS Score: 8.8

Impact

Authenticated attackers can execute arbitrary PHP code on the server, potentially leading to full system compromise.

Mitigation

Update to the latest version with proper file upload validation and sanitization.

Details

CVE ID: CVE-2022-50944
Severity: High
CVSS Score: 8.8
Type: command_injection
Status: new

CWE

  • CWE-94

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H