Skip to main content

Ionize

4 CVEs product

Monthly

CVE-2022-29307 CRITICAL POC THREAT Act Now

IonizeCMS v1.0.8.1 was discovered to contain a command injection vulnerability via the function copy_lang_content in application/models/lang_model.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Code Injection Command Injection Ionize
NVD GitHub
CVSS 3.1
9.8
EPSS
17.8%
CVE-2022-29306 CRITICAL POC Act Now

IonizeCMS v1.0.8.1 was discovered to contain a SQL injection vulnerability via the id_page parameter in application/models/article_model.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ionize
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-26272 CRITICAL POC THREAT Act Now

A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary code via a crafted string written to the file application/config/config.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Ionize
NVD GitHub
CVSS 3.1
9.8
EPSS
22.5%
CVE-2017-5961 MEDIUM POC This Month

An issue was discovered in ionize through 1.0.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ionize
NVD GitHub
CVSS 3.0
6.1
EPSS
0.2%
EPSS 18% CVSS 9.8
CRITICAL POC THREAT Act Now

IonizeCMS v1.0.8.1 was discovered to contain a command injection vulnerability via the function copy_lang_content in application/models/lang_model.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Code Injection +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

IonizeCMS v1.0.8.1 was discovered to contain a SQL injection vulnerability via the id_page parameter in application/models/article_model.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ionize
NVD GitHub
EPSS 22% CVSS 9.8
CRITICAL POC THREAT Act Now

A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary code via a crafted string written to the file application/config/config.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Ionize
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in ionize through 1.0.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ionize
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy