Filtered by vendor Hoosk
Subscriptions
Total
11 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-43234 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 9.8 Critical |
An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2022-28586 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 6.1 Medium |
XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars. | ||||
CVE-2021-43478 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 5.4 Medium |
A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website. | ||||
CVE-2020-26043 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 6.1 Medium |
An issue was discovered in Hoosk CMS v1.8.0. There is a XSS vulnerability in install/index.php | ||||
CVE-2020-26042 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 9.8 Critical |
An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php | ||||
CVE-2020-26041 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 9.8 Critical |
An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code Execution vulnerability in install/index.php | ||||
CVE-2020-16610 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 4.3 Medium |
Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user's intention. | ||||
CVE-2018-7590 | 1 Hoosk | 1 Hoosk | 2024-11-21 | N/A |
CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation. | ||||
CVE-2018-16772 | 1 Hoosk | 1 Hoosk | 2024-11-21 | N/A |
Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new. | ||||
CVE-2018-16771 | 1 Hoosk | 1 Hoosk | 2024-11-21 | N/A |
Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php. | ||||
CVE-2024-51055 | 1 Hoosk | 1 Hoosk | 2024-11-13 | 6.5 Medium |
An issue Hoosk v1.7.1 allows a remote attacker to execute arbitrary code via a crafted script to the config.php component. |
Page 1 of 1.