Vulnerability Details CVE-2022-28397
An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional
Exploit prediction scoring system (EPSS) score
EPSS Score 0.04
EPSS Ranking 88.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://ghost.com
- https://ghost.org/customers/
- https://ghost.org/docs/security/#privilege-escalation-attacks
- https://github.com/TryGhost/Ghost
- https://trends.builtwith.com/cms/Ghost
- https://youtu.be/PncfBetPk2g
- http://ghost.com
- https://ghost.org/customers/
- https://ghost.org/docs/security/#privilege-escalation-attacks
- https://github.com/TryGhost/Ghost
- https://trends.builtwith.com/cms/Ghost
- https://youtu.be/PncfBetPk2g