VYPR

Hoosk

by Hoosk

CVEs (11)

  • CVE-2022-43234CriNov 16, 2022
    risk 0.64cvss 9.8epss 0.01

    An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file.

  • CVE-2020-26042CriSep 30, 2020
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php

  • CVE-2020-26041CriSep 30, 2020
    risk 0.64cvss 9.8epss 0.03

    An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code Execution vulnerability in install/index.php

  • CVE-2024-51055MedNov 8, 2024
    risk 0.42cvss 6.5epss 0.01

    An issue Hoosk v1.7.1 allows a remote attacker to execute arbitrary code via a crafted script to the config.php component.

  • CVE-2025-25990MedFeb 14, 2025
    risk 0.40cvss 6.1epss 0.00

    Cross Site Scripting vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component.

  • CVE-2022-28586MedApr 25, 2022
    risk 0.40cvss 6.1epss 0.01

    XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars.

  • CVE-2020-26043MedSep 30, 2020
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in Hoosk CMS v1.8.0. There is a XSS vulnerability in install/index.php

  • CVE-2021-43478MedMar 31, 2022
    risk 0.35cvss 5.4epss 0.01

    A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website.

  • CVE-2025-25991MedFeb 14, 2025
    risk 0.33cvss 5.1epss 0.00

    SQL Injection vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component.

  • CVE-2025-25988MedFeb 14, 2025
    risk 0.31cvss 4.8epss 0.00

    Cross Site Scripting vulnerability in hooskcms v.1.8 allows a remote attacker to cause a denial of service via the custom Link title parameter and the Title parameter.

  • CVE-2020-16610MedAug 28, 2020
    risk 0.28cvss 4.3epss 0.00

    Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user's intention.