cbcvebase.

Ionizecms Ionize vulnerabilities

4 known vulnerabilities affecting ionizecms/ionize.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2022-29307P2CRITICALCVSS 9.8v1.0.8.12022-05-12
CVE-2022-29307 [CRITICAL] CWE-94 CVE-2022-29307: IonizeCMS v1.0.8.1 was discovered to contain a command injection vulnerability via the function copy IonizeCMS v1.0.8.1 was discovered to contain a command injection vulnerability via the function copy_lang_content in application/models/lang_model.php.
nvd
CVE-2022-26272P2CRITICALCVSS 9.8v1.0.8.12022-03-24
CVE-2022-26272 [CRITICAL] CVE-2022-26272: A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary code via a crafted string written to the file application/config/config.php.
nvd
CVE-2022-29306P3CRITICALCVSS 9.8v1.0.8.12022-05-12
CVE-2022-29306 [CRITICAL] CWE-89 CVE-2022-29306: IonizeCMS v1.0.8.1 was discovered to contain a SQL injection vulnerability via the id_page parameter IonizeCMS v1.0.8.1 was discovered to contain a SQL injection vulnerability via the id_page parameter in application/models/article_model.php.
nvd
CVE-2017-5961P4MEDIUMCVSS 6.1≤ 1.0.82017-02-12
CVE-2017-5961 [MEDIUM] CWE-79 CVE-2017-5961: An issue was discovered in ionize through 1.0.8. The vulnerability exists due to insufficient filtra An issue was discovered in ionize through 1.0.8. The vulnerability exists due to insufficient filtration of user-supplied data in the "path" HTTP GET parameter passed to the "ionize-master/themes/admin/javascript/tinymce/jscripts/tiny_mce/plugins/codemirror/dialog.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the co
nvd
Ionizecms Ionize vulnerabilities | cvebase