PatchSiren cyber security CVE debrief
CVE-2022-50944 Exploit Db CVE debrief
CVE-2022-50944 is a high-severity PHP code injection issue in Aero CMS 0.0.1. An authenticated attacker can abuse the image upload handling in the admin posts.php endpoint (source=add_post) to place malicious PHP content on the server, which can then be executed by the application environment.
- Vendor: Exploit Db
- Product: Unknown
- CVSS: HIGH 8.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-10
- Original CVE updated: 2026-05-10
- Advisory published: 2026-05-10
- Advisory updated: 2026-05-10
Who should care
Organizations running Aero CMS 0.0.1, especially if the admin interface is reachable from untrusted networks, should treat this as a priority. Security teams responsible for web application hardening, file-upload controls, and monitoring of PHP execution paths should also review exposure.
Technical summary
The NVD record describes an authenticated file-upload/code-injection flaw in Aero CMS 0.0.1. The vulnerable flow involves the admin posts.php endpoint with source=add_post and the image parameter, where malicious files containing PHP code can be uploaded and then executed server-side. NVD maps the weakness to CWE-94 and assigns a high CVSS score with network reachability and low required privileges.
Defensive priority
Urgent. The combination of authenticated access, arbitrary PHP execution, and potential full compromise of the web application makes this a high-priority web app security issue.
Recommended defensive actions
- Identify whether Aero CMS 0.0.1 is deployed anywhere in your environment, including test, staging, and internet-facing instances.
- Restrict access to the admin posts.php endpoint and require strong authentication plus network-level access controls where possible.
- Review upload handling for the image parameter and ensure uploaded content cannot be executed as PHP.
- Disable PHP execution in upload directories or separate user-uploaded content from executable web roots.
- Inspect application and web-server logs for suspicious activity targeting posts.php with source=add_post and unusual file uploads.
- Remove or isolate affected deployments until a vendor fix or compensating control is in place.
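One way to run the log review from the list above, as an added example that is not from the NVD record or the AeroCMS project: it flags POSTs to posts.php with source=add_post and successful responses for PHP-handled file names under an upload directory. The `/uploads/` prefix, the `/admin/posts.php` path, the function name `triage` and all sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: URL prefix of the upload directory; placeholder, set per deployment.
UPLOAD_PREFIX = "/uploads/"
# Extensions often mapped to the PHP handler, including double extensions (x.php.jpg).
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)(\.|$)", re.IGNORECASE)
# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def triage(lines):
    """Return (reason, ip, time, target) tuples worth an analyst's review."""
    findings, posters = [], set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        ip, when, method, target, status = m.groups()
        url = urlsplit(target)
        path = url.path.lower()
        # Submissions to the add_post flow; legitimate authors produce these too,
        # so they are context for review rather than an alert on their own.
        if (method == "POST" and path.endswith("/posts.php")
                and "add_post" in parse_qs(url.query).get("source", [])):
            posters.add(ip)
            findings.append(("add_post_submission", ip, when, target))
        # A 2xx answer for a PHP-handled name under the upload prefix means the
        # server may have executed uploaded content.
        if path.startswith(UPLOAD_PREFIX) and PHP_EXT.search(path) and status[0] == "2":
            reason = "php_served_after_add_post" if ip in posters else "php_served_from_uploads"
            findings.append((reason, ip, when, target))
    return findings

# Constructed sample lines (documentation IP ranges, invented file names).
SAMPLE = [
    '203.0.113.7 - - [10/May/2026:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [10/May/2026:10:02:10 +0000] "POST /admin/posts.php?source=add_post HTTP/1.1" 302 0 "-" "-"',
    '203.0.113.7 - - [10/May/2026:10:02:31 +0000] "GET /uploads/banner.php HTTP/1.1" 200 17 "-" "-"',
    '198.51.100.4 - - [10/May/2026:10:05:00 +0000] "GET /uploads/photo.jpg HTTP/1.1" 200 48211 "-" "-"',
    '198.51.100.4 - - [10/May/2026:10:06:00 +0000] "GET /uploads/notes.php.txt HTTP/1.1" 200 90 "-" "-"',
    '198.51.100.4 - - [10/May/2026:10:07:00 +0000] "GET /uploads/old.php HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep="  ")
```

A `php_served_after_add_post` finding ties the executed file to an earlier submission from the same client address and deserves review first.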
Evidence notes
This debrief is based on the supplied NVD record and referenced sources. The source metadata identifies the issue as an authenticated PHP code injection in Aero CMS 0.0.1, with CVSS 4.0 vector details including PR:L and high impact to confidentiality, integrity, and availability. The supplied references include the AeroCMS GitHub repository, an Exploit-DB entry, and a VulnCheck advisory. No exploit steps or unsupported remediation claims are included.
Official resources
Publicly disclosed in the NVD record and linked references on 2026-05-10, based on the supplied CVE timeline.