VYPR

Hoosk

by Havok89

CVEs (2)

  • CVE-2018-16771CriSep 10, 2018
    risk 0.64cvss 9.8epss 0.03

    Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php.

  • CVE-2018-7590HigMar 1, 2018
    risk 0.57cvss 8.8epss 0.01

    CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation.