Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16772
In file: Hoosk-master\hoosk\hoosk0\models\Hoosk_model.php
public function createPage(){
//....
$contentdata = array(
'pageID' => $rows->pageID,
'pageTitle' => $this->input->post('pageTitle'),
'navTitle' => $this->input->post('navTitle'),
'pageContent' => $this->input->post('content'),
'pageContentHTML' => $HTMLContent,
);
$this->db->insert('hoosk_page_content', $contentdata);
//...
}
In file Hoosk-master\hoosk\hoosk0\controllers\admin\Pages.php
public function pageSearch(){
$this->Hoosk_model->pageSearch($this->input->post('term'));
}
In file: Hoosk-master\hoosk\hoosk0\models\Hoosk_model.php
public function pageSearch($term){
$this->db->select("*");
$this->db->like("pageTitle", $term);
$this->db->join('hoosk_page_content', 'hoosk_page_content.pageID = hoosk_page_attributes.pageID');
$this->db->join('hoosk_page_meta', 'hoosk_page_meta.pageID = hoosk_page_attributes.pageID');
$this->db->limit($limit, $offset);
$query = $this->db->get('hoosk_page_attributes');
if ($term == "") {
$this->db->limit(15);
}
if ($query->num_rows() > 0) {
$results = $query->result_array();
foreach ($results as $p):
echo '<tr>';
echo '<td>' . $p['navTitle'] . '</td>';
//...
endforeach;
}
}