Vulnerability Details CVE-2022-28397
An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional
Exploit prediction scoring system (EPSS) score
EPSS Score 0.033
EPSS Ranking 86.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://ghost.com
- https://ghost.org/customers/
- https://ghost.org/docs/security/#privilege-escalation-attacks
- https://github.com/TryGhost/Ghost
- https://trends.builtwith.com/cms/Ghost
- https://youtu.be/PncfBetPk2g
- http://ghost.com
- https://ghost.org/customers/
- https://ghost.org/docs/security/#privilege-escalation-attacks
- https://github.com/TryGhost/Ghost
- https://trends.builtwith.com/cms/Ghost
- https://youtu.be/PncfBetPk2g