Ghost
CVE-2022-27139
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploading of SVG files to Ghost does not represent a remote code execution vulnerability. SVGs are not executable on the server, and may only execute javascript in a client's browser - this is expected and intentional functionality
AnalysisAI
An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploading of SVG files to Ghost does not represent a remote code execution vulnerability. SVGs are not executable on the server, and may only execute javascript in a client's browser - this is expected and intentional functionality Affected products include: Ghost.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.
An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitr
Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X
Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any acco
Ghost before 5.82.0 allows CSV Injection during a member CSV export. Rated high severity (CVSS 8.8), this vulnerability
Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external netw
Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2
Ghost is a Node.js CMS. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication
Ghost is an open source content management system. Rated medium severity (CVSS 6.5), this vulnerability is remotely expl
Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.0.0 through 6.
Web cache poisoning in the Ghost Node.js CMS before 6.37.0 lets an unauthenticated attacker inject an x-ghost-preview he
A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. Rated medium severit
Ghost is an open source content management system. [CVSS 8.8 HIGH]
Share
External POC / Exploit Code
Leaving vuln.today