CVE-2022-50895 HIGH

CVE-2022-50895: Aero CMS 0.0.1 - SQL Injection

Vendor Megatkc
Product Aero CMS
Weakness CWE-89 · SQLi
Published January 13, 2026
Last update April 7, 2026

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the system.

Key dates

02Disclosure timeline

January 13, 2026 CVE published
April 7, 2026 Record updated

Related vulnerabilities

04Related CVE