Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user's intention.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-08-28
Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php.
CVSS Score
9.8
EPSS Score
0.012
Published
2018-09-10
Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-09-10
CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-03-01
Page 2