What is CVE-2022-50944?

CVE-2022-50944 is a high-severity vulnerability in Megatkc Aero Cms, classified under Code Injection. CVSS score: 8.8/10. Published 2026-05-10.

How severe is CVE-2022-50944?

High severity. CVSS v3 base score is 8.8 out of 10.

RCE in Megatkc Aero Cms

CVE-2022-50944

Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.001 (16.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Megatkc Aero Cms — versions 0.0.1

Weakness classification (CWE)

CWE-94 — Code Injection

References

disclosure@vulncheck.com (exploit)
disclosure@vulncheck.com (product)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2022-50944?: CVE-2022-50944 is a high-severity vulnerability in Megatkc Aero Cms, classified under Code Injection. CVSS score: 8.8/10. Published 2026-05-10.
How severe is CVE-2022-50944?: High severity. CVSS v3 base score is 8.8 out of 10.