Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hoosk hoosk vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-43234
An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows malicious users to execute arbitrary code via a crafted PHP file.
Hoosk Hoosk 1.8.0
6.1
CVSSv3
CVE-2022-28586
XSS in edit page of Hoosk 1.8.0 allows malicious user to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars.
Hoosk Hoosk 1.8.0
5.4
CVSSv3
CVE-2021-43478
A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website.
Hoosk Hoosk 1.8.0
9.8
CVSSv3
CVE-2020-26041
An issue exists in Hoosk CmS v1.8.0. There is an Remote Code Execution vulnerability in install/index.php
Hoosk Hoosk 1.8.0
9.8
CVSSv3
CVE-2020-26042
An issue exists in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php
Hoosk Hoosk 1.8.0
6.1
CVSSv3
CVE-2020-26043
An issue exists in Hoosk CMS v1.8.0. There is a XSS vulnerability in install/index.php
Hoosk Hoosk 1.8.0
4.3
CVSSv3
CVE-2020-16610
Hoosk Codeigniter CMS prior to 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user's intention.
Hoosk Hoosk
1 Github repository
4.8
CVSSv3
CVE-2018-16772
Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new.
Hoosk Hoosk 1.7.0
9.8
CVSSv3
CVE-2018-16771
Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php.
Hoosk Hoosk 1.7.0
8.8
CVSSv3
CVE-2018-7590
CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation.
Hoosk Hoosk 1.7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started