
@enferas
Created January 27, 2023 14:34
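Previously reported as CVE-2022-28586. The excerpts below trace the data flow behind it: page content submitted via POST is stored by updatePage(), read back from the database by getPage(), and finally echoed by the theme template without output encoding.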

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28586

In file Hoosk-master\hoosk\hoosk0\models\Hoosk_model.php

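/**
 * Update the stored title, navigation title and content of one page.
 *
 * Every value written here is read straight from the POST body. The raw
 * editor payload ('content') is stored as-is in 'pageContent', and its
 * Converter::toHtml() rendering is stored in 'pageContentHTML'.
 *
 * SECURITY: nothing in this method validates or sanitises the posted values.
 * 'pageContentHTML' is later echoed by the theme template without output
 * encoding (theme/dark/templates/page.php), so whatever markup survives
 * Converter::toHtml() is delivered to every visitor of the page.
 * NOTE(review): Converter is not shown here; confirm whether toHtml() escapes
 * or filters its input. If it does not, pass the result through an
 * allow-list HTML sanitiser before it is stored or rendered.
 *
 * @param mixed $id pageID of the hoosk_page_content row to update
 */
public function updatePage($id){
    // Default to an empty string so 'pageContentHTML' is always defined,
    // including when the request carries no content.
    $HTMLContent = '';

    // Read the untrusted editor payload once and reuse it below.
    $sirTrevorInput = $this->input->post('content');
    if ($sirTrevorInput != "") {
        $converter   = new Converter();
        $HTMLContent = $converter->toHtml($sirTrevorInput);
    }

    //...
    $contentdata = array(
        'pageTitle'       => $this->input->post('pageTitle'),
        'navTitle'        => $this->input->post('navTitle'),
        'pageContent'     => $sirTrevorInput,
        // Stored HTML is rendered verbatim downstream; see the SECURITY note above.
        'pageContentHTML' => $HTMLContent,
    );
    $this->db->where("pageID", $id);
    $this->db->update('hoosk_page_content', $contentdata);
}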

In file Hoosk-master\hoosk\hoosk0\controllers\Hoosk_default.php

/**
 * Load the requested page record and render it with the page's own template.
 *
 * The record is handed to the view unchanged, so any HTML stored in it
 * (for example 'pageContentHTML') reaches the template exactly as it sits
 * in the database; output encoding or sanitising is left to the template.
 *
 * NOTE(review): the view path is built from the stored 'pageTemplate' value;
 * confirm that value is restricted to known template names.
 * NOTE(review): Hoosk_page_model::getPage() is not shown here; presumably it
 * returns a single row keyed by column name. Verify against the model.
 */
public function index(){
   //...
   $page = $this->Hoosk_page_model->getPage($pageURL);
   $this->data['page'] = $page;

   // Template file name comes from the page record itself.
   $templateView = 'templates/' . $page['pageTemplate'];
   $this->load->view($templateView, $this->data);
}

In file Hoosk-master\hoosk\hoosk0\models\Hoosk_model.php

/**
 * Fetch a page's attributes joined with its content and meta rows.
 *
 * All columns are selected, so the result includes the 'pageContentHTML'
 * column of hoosk_page_content exactly as it was stored. No output encoding
 * or sanitising happens here; callers that render these values must handle
 * that for their output context.
 *
 * @param mixed $id value matched against hoosk_page_attributes.pageID
 * @return array list of matching rows as arrays, or an empty array when none match
 */
public function getPage($id){
   $result = $this->db
       ->select("*")
       ->where("hoosk_page_attributes.pageID", $id)
       ->join('hoosk_page_content', 'hoosk_page_content.pageID = hoosk_page_attributes.pageID')
       ->join('hoosk_page_meta', 'hoosk_page_meta.pageID = hoosk_page_attributes.pageID')
       ->get('hoosk_page_attributes');

   // Empty result set maps to an empty array rather than null/false.
   return ($result->num_rows() > 0) ? $result->result_array() : array();
}

In file C:\projects\ci\Hoosk-master\theme\dark\templates\page.php

<?php
// SECURITY (sink of the CVE-2022-28586 data flow): 'pageContentHTML' is written
// to the response without output encoding. The value originates from POSTed
// editor content stored by updatePage(), so it must be treated as untrusted.
// It is meant to contain markup, so htmlspecialchars() alone would break
// rendering; the stored HTML needs an allow-list sanitiser before this point.
echo $page['pageContentHTML']; ?>