ionizecms CVE Vulnerabilities & CVE List (4)

Products (CPE): — CVEs: 4

ionizecms vulnerability overview

Aggregates CVE and security vulnerability intelligence across all ionizecms-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Common weakness patterns include vendor risk sql injection and vendor risk cross-site scripting, with potential vendor impact session compromise and vendor impact data exposure across vendor surface software deployment use cases.

Vulnerability distribution trend (last 24 months)

CVE	Summary	Source	Max CVSS	EPSS %	Published	Updated
CVE-2022-29307	IonizeCMS v1.0.8.1 was discovered to contain a command injection vulnerability via the function copy_lang_content in application/models/lang_model.php.	[email protected]	9.8	6.67%	2022-05-12	2024-11-21
CVE-2022-29306	IonizeCMS v1.0.8.1 was discovered to contain a SQL injection vulnerability via the id_page parameter in application/models/article_model.php.	[email protected]	9.8	0.23%	2022-05-12	2024-11-21
CVE-2022-26272	A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary code via a crafted string written to the file application/config/config.php.	[email protected]	9.8	3.03%	2022-03-24	2024-11-21
CVE-2017-5961	An issue was discovered in ionize through 1.0.8. The vulnerability exists due to insufficient filtration of user-supplied data in the "path" HTTP GET parameter passed to the "ionize-master/themes/admin/javascript/tinymce/jscripts/tiny_mce/plugins/codemirror/dialog.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.	[email protected]	6.1	0.23%	2017-02-12	2026-05-13

cvelogic Threat Intelligence