Ericfrank900528

**Name of the Vulnerable Software and Affected Versions** IonizeCMS version 1.0.8.1 **Description** The issue is related to a SQL injection vulnerability. It occurs via the `id page` parameter in the `article model.php` file, located in the `application/models` directory. **Recommendations** For IonizeCMS version 1.0.8.1, as a temporary workaround, consider restricting access to the `article model.php` file or avoiding the use of the `id page` parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IonizeCMS version 1.0.8.1 **Description** The issue is related to a command injection vulnerability. It occurs via the function `copy lang content` in the file `application/models/lang model.php`. **Recommendations** For IonizeCMS version 1.0.8.1, as a temporary workaround, consider disabling the `copy lang content` function until a patch is available. Restrict access to the `lang model.php` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Import WP WordPress plugin versions prior to 2.4.6 **Description** The issue allows high privilege users, such as admins, to upload arbitrary files, including PHP files, due to a lack of validation on imported files in certain cases. This can lead to remote code execution. **Recommendations** For versions prior to 2.4.6, update to version 2.4.6 or later to resolve the issue.