Ghost
Monthly
Cross-site request forgery (CSRF) in Ghost CMS versions 5.101.6 through 6.19.2 permits attackers to reuse one-time codes across different login sessions via the /session/verify endpoint, potentially enabling account takeover through phishing attacks. The vulnerability affects Ghost deployments on Node.js and related platforms, requiring no user authentication but relying on user interaction. A patch is available in Ghost version 6.19.3 and later.
Arbitrary code execution in Ghost CMS versions 0.7.2 through 6.19.0 allows authenticated attackers with theme upload privileges to execute malicious code on the server by crafting specially designed theme files. The vulnerability affects Ghost installations running on Node.js and requires high privileges to exploit, though a successful attack fully compromises the server, with confidentiality, integrity, and availability impact. No patch is currently available for affected versions.
SQL injection in Ghost CMS versions 3.24.0 through 6.19.0 allows unauthenticated attackers to read arbitrary database data. Patch available.
Ghost is an open source content management system. [CVSS 8.8 HIGH]
SQL injection in Ghost's Admin API members/events endpoint enables authenticated administrators to execute arbitrary database queries, affecting versions 5.90.0-5.130.5 and 6.0.0-6.10.3. An attacker with valid Admin API credentials could exploit this to extract, modify, or delete sensitive data stored in the Ghost database. Patches are available in versions 5.130.6 and 6.11.0.
Ghost CMS versions 5.121.0-5.130.5 and 6.0.0-6.10.3 incorrectly allow Staff Token authentication to access endpoints restricted to Staff Session authentication, enabling authenticated Admin/Owner-role users to perform unauthorized actions. An attacker with valid Staff Token credentials for elevated roles could bypass authentication restrictions and access sensitive endpoints not intended for token-based access. Patches are available in versions 5.130.6 and 6.11.0.
Ghost CMS versions 5.105.0-5.130.5 and 6.0.0-6.10.3 contain an authentication bypass in their two-factor authentication implementation that allows authenticated staff members to circumvent email-based 2FA requirements. An attacker with valid staff credentials can exploit this flaw to gain unauthorized access to administrative functions without completing the required second authentication factor. Patches are available in versions 5.130.6 and 6.11.0.
Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources. Affected versions: .0.0 through 6.0.8, and 5.99.0 through 5.130.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available.