RSS   Vulnerabilities for 'Ionize'   RSS

2022-05-12
 
CVE-2022-29306

CWE-89
 

 
IonizeCMS v1.0.8.1 was discovered to contain a SQL injection vulnerability via the id_page parameter in application/models/article_model.php.

 
2022-03-24
 
CVE-2022-26272

CWE-94
 

 
A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary code via a crafted string written to the file application/config/config.php.

 
2017-02-11
 
CVE-2017-5961

 

 
An issue was discovered in ionize through 1.0.8. The vulnerability exists due to insufficient filtration of user-supplied data in the "path" HTTP GET parameter passed to the "ionize-master/themes/admin/javascript/tinymce/jscripts/tiny_mce/plugins/codemirror/dialog.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

 


Copyright 2024, cxsecurity.com

 

Back to Top