CVE-2022-50944

MegaTKC · Aero CMS

A code injection vulnerability in MegaTKC Aero CMS 0.0.1 allows an authenticated attacker to execute arbitrary code via the posts.php component.

Executive summary

An authenticated code injection vulnerability in Aero CMS 0.0.1 poses a high risk of remote code execution.

Vulnerability

This is a code injection vulnerability (CWE-94) residing in the posts.php component. The vulnerability requires the attacker to have low-level privileges (PR:L) to successfully trigger the injection.

Business impact

Successful exploitation allows an attacker to execute arbitrary code, potentially leading to full system compromise, data exfiltration, or unauthorized administrative control. With a CVSS score of 8.8, this represents a high-severity threat that could result in significant operational disruption and loss of sensitive data.

Remediation

Immediate Action: Review official vendor communications for available security patches and apply them immediately. If no official patch is released, disable the affected functionality or restrict access to the CMS administrative interfaces.

Proactive Monitoring: Monitor server access logs for suspicious POST requests targeting posts.php and look for anomalous execution patterns from authenticated user accounts.

Compensating Controls: Implement a Web Application Firewall (WAF) with rules configured to detect and block common code injection payloads targeting PHP environments.

Exploitation status

Public Exploit Available: Yes — an entry exists on ExploitDB.

Analyst recommendation

Given the high CVSS score and the availability of a public exploit, administrators must treat this vulnerability with high urgency. Organizations should prioritize patching or implementing restrictive access controls to prevent unauthorized code execution.