Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28586
In file Hoosk-master\hoosk\hoosk0\models\Hoosk_model.php (the posted content is converted to HTML and stored):
/**
 * Stores the posted page fields for the page row identified by $id.
 *
 * Reads 'pageTitle', 'navTitle' and 'content' from the POST body, passes
 * 'content' through Converter->toHtml(), and writes both the raw content and
 * the generated HTML to hoosk_page_content.
 *
 * Security: nothing in this excerpt sanitises or encodes the posted values, so
 * pageContentHTML is stored exactly as the converter returned it. This is the
 * write side of the flow referenced by CVE-2022-28586; the template excerpt on
 * this page echoes the same column.
 * NOTE(review): whether Converter->toHtml() filters markup is not visible here;
 * confirm before relying on it as a control.
 *
 * @param mixed $id pageID of the hoosk_page_content row to update.
 */
public function updatePage($id){
// Update the page
// Only convert when a non-empty 'content' field was posted.
if ($this->input->post('content') != "") {
$sirTrevorInput = $this->input->post('content');
$converter = new Converter();
// Request data goes straight into the converter; no validation happens first.
$HTMLContent = $converter->toHtml($sirTrevorInput);
}
// NOTE(review): $HTMLContent is assigned only inside the branch above. Unless the
// elided code below sets it, an empty 'content' leaves it undefined when
// 'pageContentHTML' is built.
//...
$contentdata = array(
'pageTitle' => $this->input->post('pageTitle'),
'navTitle' => $this->input->post('navTitle'),
// Raw posted content, stored alongside its HTML rendering.
'pageContent' => $this->input->post('content'),
// Mitigation point: pass the generated HTML through an allow-list HTML
// sanitiser before it is stored, so later echoes of this column are safe.
'pageContentHTML' => $HTMLContent,
);
$this->db->where("pageID", $id);
$this->db->update('hoosk_page_content', $contentdata);
}
In file Hoosk-master\hoosk\hoosk0\controllers\Hoosk_default.php (the controller fetches the page record and passes it to the template view):
/**
 * Loads the requested page record and renders it with the template named in
 * that record.
 *
 * NOTE(review): $pageURL is set in the elided part of this method; how it is
 * derived from the request is not shown in this excerpt.
 */
public function index(){
//...
// The record returned by getPage() is stored in $this->data and handed to the
// view unchanged, so pageContentHTML reaches the template with no encoding
// step in this controller.
// NOTE(review): this calls Hoosk_page_model->getPage() and the next line reads
// the result as a single row ('pageTemplate'), while the getPage() excerpt on
// this page is labelled Hoosk_model.php and returns result_array(). Confirm
// which implementation serves this controller.
$this->data['page'] = $this->Hoosk_page_model->getPage($pageURL);
// The view path is built from the stored 'pageTemplate' value.
// NOTE(review): confirm that value is restricted to known template names.
$this->load->view('templates/' . $this->data['page']['pageTemplate'], $this->data);
}
In file Hoosk-master\hoosk\hoosk0\models\Hoosk_model.php
/**
 * Fetches the page rows for a page ID, joined with the matching content and
 * meta rows.
 *
 * @param mixed $id Value matched against hoosk_page_attributes.pageID.
 * @return array Result rows as arrays, or an empty array when nothing matches.
 */
public function getPage($id)
{
    $contentJoin = 'hoosk_page_content.pageID = hoosk_page_attributes.pageID';
    $metaJoin = 'hoosk_page_meta.pageID = hoosk_page_attributes.pageID';

    // All columns of the three joined tables are selected, so the stored
    // pageContentHTML value is returned to the caller exactly as it was saved.
    $this->db->select("*");
    $this->db->where("hoosk_page_attributes.pageID", $id);
    $this->db->join('hoosk_page_content', $contentJoin);
    $this->db->join('hoosk_page_meta', $metaJoin);
    $rows = $this->db->get('hoosk_page_attributes');

    return ($rows->num_rows() > 0) ? $rows->result_array() : array();
}
In file C:\projects\ci\Hoosk-master\theme\dark\templates\page.php (the stored HTML is echoed without escaping):
<?php /* Output sink: the stored pageContentHTML is written into the response as-is; nothing escapes or sanitises it at this point, so it must already be safe HTML when it is stored. */ ?>
<?= $page['pageContentHTML'] ?>