Hoosk Security Vulnerabilities
Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php.
9.8CVSS
9.6AI Score
0.004EPSS
Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new.
4.8CVSS
4.8AI Score
0.001EPSS
8.8CVSS
8.7AI Score
0.001EPSS
Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user's intention.
4.3CVSS
4.5AI Score
0.001EPSS
An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code Execution vulnerability in install/index.php
9.8CVSS
9.7AI Score
0.012EPSS
An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php
9.8CVSS
9.7AI Score
0.002EPSS
An issue was discovered in Hoosk CMS v1.8.0. There is a XSS vulnerability in install/index.php
6.1CVSS
5.9AI Score
0.001EPSS
A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website.
5.4CVSS
5.3AI Score
0.001EPSS
XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars.
6.1CVSS
6.1AI Score
0.001EPSS
An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file.
9.8CVSS
9.6AI Score
0.003EPSS