Skip to main content

Hoosk CVE-2020-16610

MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2020-08-28 cve@mitre.org
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 28, 2020 - 17:15 nvd
MEDIUM 4.3

DescriptionNVD

Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user's intention.

AnalysisAI

Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user's intention. Affected products include: Hoosk. Version information: before 1.7.2.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

More in Hoosk

View all
CVE-2022-43234 CRITICAL POC
9.8 Nov 16

An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary

CVE-2020-26042 CRITICAL POC
9.8 Sep 30

An issue was discovered in Hoosk CMS v1.8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploita

CVE-2020-26041 CRITICAL POC
9.8 Sep 30

An issue was discovered in Hoosk CmS v1.8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploita

CVE-2018-16771 CRITICAL POC
9.8 Sep 10

Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php.

CVE-2024-51055 MEDIUM POC
6.5 Nov 08

An issue Hoosk v1.7.1 allows a remote attacker to execute arbitrary code via a crafted script to the config.php componen

CVE-2025-25990 MEDIUM POC
6.1 Feb 14

Cross Site Scripting vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the

CVE-2022-28586 MEDIUM POC
6.1 Apr 25

XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payloa

CVE-2020-26043 MEDIUM POC
6.1 Sep 30

An issue was discovered in Hoosk CMS v1.8.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitabl

CVE-2025-25991 MEDIUM POC
5.1 Feb 14

SQL Injection vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /instal

CVE-2025-25988 MEDIUM POC
4.8 Feb 14

Cross Site Scripting vulnerability in hooskcms v.1.8 allows a remote attacker to cause a denial of service via the custo

CVE-2018-16772 MEDIUM POC
4.8 Sep 10

Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new. Rated medium severity (CVSS 4

CVE-2018-7590 HIGH
8.8 Mar 01

CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in account creation. Rated high severity (CVSS 8.8), this

Share

CVE-2020-16610 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy