old reported CVE-2018-16772

CVE-2018-16772.md

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16772

In file: Hoosk-master\hoosk\hoosk0\models\Hoosk_model.php

public function createPage(){
//....
$contentdata = array(
    'pageID'          => $rows->pageID,
    'pageTitle'       => $this->input->post('pageTitle'),
    'navTitle'        => $this->input->post('navTitle'),
    'pageContent'     => $this->input->post('content'),
    'pageContentHTML' => $HTMLContent,
);

$this->db->insert('hoosk_page_content', $contentdata);
//...
}

In file Hoosk-master\hoosk\hoosk0\controllers\admin\Pages.php

public function pageSearch(){
   $this->Hoosk_model->pageSearch($this->input->post('term'));
}

In file: Hoosk-master\hoosk\hoosk0\models\Hoosk_model.php

public function pageSearch($term){
   $this->db->select("*");
   $this->db->like("pageTitle", $term);
   $this->db->join('hoosk_page_content', 'hoosk_page_content.pageID = hoosk_page_attributes.pageID');
   $this->db->join('hoosk_page_meta', 'hoosk_page_meta.pageID = hoosk_page_attributes.pageID');
   $this->db->limit($limit, $offset);
   $query = $this->db->get('hoosk_page_attributes');
   if ($term == "") {
       $this->db->limit(15);
   }
   if ($query->num_rows() > 0) {
       $results = $query->result_array();
       foreach ($results as $p):
           echo '<tr>';
       echo '<td>' . $p['navTitle'] . '</td>';
       //...
       endforeach;
   }
}