CVE-2020-16610
MEDIUM EPSS 29.1%
Published Aug 28, 2020 (5y ago) · Modified Jun 17, 2026 (2w ago)
4.3 CVSS 3.1
Description
Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross-Site Request Forgery (CSRF) vulnerability. When an attacker induces an authenticated admin user to visit a malicious web page, any account can be deleted without the admin user's intent.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality None
Integrity Low
Availability None
Threat Intelligence
EPSS Exploit Probability
29.1% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-352 Cross-Site Request Forgery (CSRF) Authentication
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| hoosk | hoosk | * | <1.7.2 |
References 2
- https://github.com/havok89/Hoosk/issues/53
- https://github.com/havok89/Hoosk/pull/56
Remediation
- https://github.com/havok89/Hoosk/pull/56