havok89/Hoosk

havok89/Hoosk

Unavailable

This project is no longer available (or publicly accessible) from GitHub

Releases18

Frequency3 months 1 week

Last Release about 6 years ago

Stars128

Hoosk Codeigniter CMS

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-51055 ↗	Nov 8, 2024Friday, 8 November 2024, 19:15	6.5 MEDIUM	—
An issue Hoosk v1.7.1 allows a remote attacker to execute arbitrary code via a crafted script to the config.php component.
CVE-2022-43234 ↗	Nov 16, 2022Wednesday, 16 November 2022, 15:15	9.8 CRITICAL	—
An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-28586 ↗	Apr 25, 2022Monday, 25 April 2022, 13:15	6.1 MEDIUM	4.3 MEDIUM
XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars.
CVE-2020-16610 ↗	Aug 28, 2020Friday, 28 August 2020, 17:15	4.3 MEDIUM	4.3 MEDIUM
Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user's intention.
CVE-2018-16771 ↗	Sep 10, 2018Monday, 10 September 2018, 04:29	—	7.5 HIGH
Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php.
CVE-2018-16772 ↗	Sep 10, 2018Monday, 10 September 2018, 04:29	—	3.5 LOW
Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new.
CVE-2018-7590 ↗	Mar 1, 2018Thursday, 1 March 2018, 22:29	—	6.8 MEDIUM
CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation.