Pwdido

**Name of the Vulnerable Software and Affected Versions** Hoosk version 1.8 **Description** An arbitrary file upload vulnerability in the "/attachments" component allows attackers to execute arbitrary code via a crafted PHP file. **Recommendations** For Hoosk version 1.8, consider disabling the "/attachments" component until a patch is available to prevent arbitrary file uploads and subsequent code execution.