Hoosk
Products
1- 11 CVEs
Recent CVEs
11| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-43234 | Cri | 0.64 | 9.8 | 0.01 | Nov 16, 2022 | An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file. | ||
| CVE-2020-26042 | Cri | 0.64 | 9.8 | 0.01 | Sep 30, 2020 | An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php | ||
| CVE-2020-26041 | Cri | 0.64 | 9.8 | 0.03 | Sep 30, 2020 | An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code Execution vulnerability in install/index.php | ||
| CVE-2024-51055 | Med | 0.42 | 6.5 | 0.01 | Nov 8, 2024 | An issue Hoosk v1.7.1 allows a remote attacker to execute arbitrary code via a crafted script to the config.php component. | ||
| CVE-2025-25990 | Med | 0.40 | 6.1 | 0.00 | Feb 14, 2025 | Cross Site Scripting vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component. | ||
| CVE-2022-28586 | Med | 0.40 | 6.1 | 0.01 | Apr 25, 2022 | XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars. | ||
| CVE-2020-26043 | Med | 0.40 | 6.1 | 0.01 | Sep 30, 2020 | An issue was discovered in Hoosk CMS v1.8.0. There is a XSS vulnerability in install/index.php | ||
| CVE-2021-43478 | Med | 0.35 | 5.4 | 0.01 | Mar 31, 2022 | A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website. | ||
| CVE-2025-25991 | Med | 0.33 | 5.1 | 0.00 | Feb 14, 2025 | SQL Injection vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component. | ||
| CVE-2025-25988 | Med | 0.31 | 4.8 | 0.00 | Feb 14, 2025 | Cross Site Scripting vulnerability in hooskcms v.1.8 allows a remote attacker to cause a denial of service via the custom Link title parameter and the Title parameter. | ||
| CVE-2020-16610 | Med | 0.28 | 4.3 | 0.00 | Aug 28, 2020 | Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user's intention. |
- risk 0.64cvss 9.8epss 0.01
An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection vulnerability in install/index.php
- risk 0.64cvss 9.8epss 0.03
An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code Execution vulnerability in install/index.php
- risk 0.42cvss 6.5epss 0.01
An issue Hoosk v1.7.1 allows a remote attacker to execute arbitrary code via a crafted script to the config.php component.
- risk 0.40cvss 6.1epss 0.00
Cross Site Scripting vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component.
- risk 0.40cvss 6.1epss 0.01
XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars.
- risk 0.40cvss 6.1epss 0.01
An issue was discovered in Hoosk CMS v1.8.0. There is a XSS vulnerability in install/index.php
- risk 0.35cvss 5.4epss 0.01
A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website.
- risk 0.33cvss 5.1epss 0.00
SQL Injection vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component.
- risk 0.31cvss 4.8epss 0.00
Cross Site Scripting vulnerability in hooskcms v.1.8 allows a remote attacker to cause a denial of service via the custom Link title parameter and the Title parameter.
- risk 0.28cvss 4.3epss 0.00
Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user's intention.