CVE-2022-50944
PHP Code Injection in Aero CMS
Publication date: 2026-05-10
Last updated on: 2026-05-10
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| aero_cms | aero_cms | 0.0.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
Aero CMS version 0.0.1 contains a PHP code injection vulnerability (CVE-2022-50944) that allows authenticated attackers to execute arbitrary PHP code on the server.
Attackers exploit this flaw by uploading malicious PHP files through the image parameter in the admin posts.php endpoint with the source=add_post parameter.
Once these malicious PHP files are uploaded, the server executes them, which can lead to attackers gaining control over the system.
How can this vulnerability impact me? :
This vulnerability can have a significant impact as it allows attackers with authentication to execute arbitrary PHP code on the server.
Successful exploitation can lead to full system compromise, unauthorized access, data theft, or disruption of services.
Given the high CVSS score of 8.7, the risk posed by this vulnerability is considerable.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious file uploads to the admin posts.php endpoint, specifically those using the source=add_post parameter with the image parameter containing PHP code.
You can check your web server logs for POST requests to posts.php with source=add_post and inspect the uploaded files for PHP code embedded in the image parameter.
A possible command to detect such uploads on a Linux server might be:
- grep -i 'posts.php' /var/log/apache2/access.log | grep 'source=add_post'
Additionally, you can search for suspicious PHP files in the upload directories with commands like:
- find /path/to/uploads -name '*.php' -exec grep -l '<?php' {} +
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows authenticated attackers to execute arbitrary PHP code on the server by uploading malicious files, which can lead to unauthorized access and control over the system.
Such unauthorized access and potential data breaches can compromise the confidentiality, integrity, and availability of sensitive data, which are critical requirements under common standards and regulations like GDPR and HIPAA.
Therefore, exploitation of this vulnerability could result in non-compliance with these regulations due to failure to adequately protect personal or health-related data.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting authenticated users' ability to upload files through the image parameter in the admin posts.php endpoint.
You should implement strict validation and sanitization of uploaded files to ensure that only allowed image types are accepted and that no PHP code can be uploaded.
Additionally, consider disabling the execution of PHP files in the upload directories by configuring your web server to prevent execution of scripts in those locations.
If possible, update Aero CMS to a version that patches this vulnerability or apply any available security patches.