CVE-2022-28397

Опубликовано: 12 апр. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional

Ссылки

http://ghost.com
Product
https://ghost.org/customers/
Product
https://ghost.org/docs/security/#privilege-escalation-attacks
https://github.com/TryGhost/Ghost
Third Party Advisory
https://trends.builtwith.com/cms/Ghost
Product
https://youtu.be/PncfBetPk2g
Exploit
Third Party Advisory
http://ghost.com
Product
https://ghost.org/customers/
Product
https://ghost.org/docs/security/#privilege-escalation-attacks
https://github.com/TryGhost/Ghost
Third Party Advisory
https://trends.builtwith.com/cms/Ghost
Product
https://youtu.be/PncfBetPk2g
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ghost:ghost:4.42.0:*:*:*:*:node.js:*:*

EPSS

Процентиль: 88%

0.04027

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434

Связанные уязвимости

CVE-2022-28397

CVSS3: 9.8

debian

почти 4 года назад

An arbitrary file upload vulnerability in the file upload module of Gh ...

GHSA-ffhq-g856-9f2p

CVSS3: 9.8

github

почти 4 года назад

Arbitrary file upload in Ghost

EPSS

Процентиль: 88%

0.04027

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434