91 matches found
CVE-2018-16771
Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php...
CVE-2018-16771
CVE-2018-16771 affects Hoosk v1.7.0. The vulnerability arises from a SiteUrl provided during installation being mishandled in config.php, enabling PHP code execution. Documents from NVD/OSV/CVE lists consistently attribute a PHP code execution impact with high/critical severity (CVSS v2/v3 provid...
CVE-2018-16772
CVE-2018-16772 affects Hoosk v1.7.0. The vulnerability is a cross-site scripting (XSS) issue exploitable via the Navigation Title when creating a new page at admin/pages/new. The attack vector is user-facing via the web interface, with the underlying cause described as a navigation title handling...
Hoosk Cross-Site Scripting Vulnerability
Hoosk is a lightweight user-centered content management system CMS. The system has built-in Codelgniter for creating responsive websites. A cross-site scripting vulnerability exists in Hoosk 1.7.0, which can be exploited by an attacker via the navigation title of a new page entered at...
Hoosk PHP Code Execution Vulnerability
Hoosk is a user-centered content management system CMS. The system has built-in Codelgniter for creating responsive websites. Hoosk 1.7.0 suffers from a PHP code execution vulnerability that can be exploited by an attacker to execute arbitrary code via the SiteUrl provided during installation...
Hoosk Cross-Site Request Forgery Vulnerability
Hoosk is a lightweight user-centered content management system CMS. The system has built-in Codelgniter for creating responsive websites. A cross-site request forgery vulnerability exists in Hoosk version 1.7.0. A remote attacker can exploit the vulnerability to create an account with the help of...
CVE-2018-7590
CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation...
Cross site request forgery (csrf)
CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation...
CVE-2018-7590
CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation...
CVE-2018-7590
CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation...
CVE-2018-7590
Hoosk CMS version 1.7.0 is affected by a Cross-Site Request Forgery (CSRF) vulnerability via the endpoint /admin/users/new/add, which allows an attacker to cause account creation. The issue is documented across multiple feeds (NVD/CNVD/osv/prion variants) with the same description. Connections co...