CVE-2022-50895

CRITICAL 9.8

Aero CMS 0.0.1 - SQL Injection

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the system.

CWE	CWE-89
Vendor	megatkc
Product	aero cms
Published	Jan 13, 2026
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for megatkc aero cms

Be the first to know when new critical vulnerabilities affecting megatkc aero cms are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

MegaTKC / Aero CMS

0.0.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/51022 web.archive.org: https://web.archive.org/web/20211008092238/https://github.com/MegaTKC/AeroCMS github.com: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/MegaTKC/2021/AeroCMS-v0.0.1-SQLi vulncheck.com: https://www.vulncheck.com/advisories/aero-cms-sql-injection

Credits

nu11secur1ty