Vulnerability Description
An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ghost | Ghost | 4.42.0 |
Related Weaknesses (CWE)
References
- http://ghost.comProduct
- https://ghost.org/customers/Product
- https://ghost.org/docs/security/#privilege-escalation-attacks
- https://github.com/TryGhost/GhostThird Party Advisory
- https://trends.builtwith.com/cms/GhostProduct
- https://youtu.be/PncfBetPk2gExploitThird Party Advisory
- http://ghost.comProduct
- https://ghost.org/customers/Product
- https://ghost.org/docs/security/#privilege-escalation-attacks
- https://github.com/TryGhost/GhostThird Party Advisory
- https://trends.builtwith.com/cms/GhostProduct
- https://youtu.be/PncfBetPk2gExploitThird Party Advisory
FAQ
What is CVE-2022-28397?
CVE-2022-28397 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security...
How severe is CVE-2022-28397?
CVE-2022-28397 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-28397?
Check the references section above for vendor advisories and patch information. Affected products include: Ghost Ghost.