Количество 3
Количество 3
CVE-2023-40028
Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's `content/` folder. Version 5.59.1 contains a fix for this issue. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-40028
Ghost is an open source content management system. Versions prior to 5 ...
GHSA-9c9v-w225-v5rg
Ghost vulnerable to arbitrary file read via symlinks in content import
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-40028 Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's `content/` folder. Version 5.59.1 contains a fix for this issue. All users are advised to upgrade. There are no known workarounds for this vulnerability. | CVSS3: 4.9 | 78% Высокий | больше 2 лет назад |
| CVE-2023-40028 Ghost is an open source content management system. Versions prior to 5 ... | CVSS3: 4.9 | 78% Высокий | больше 2 лет назад |
| GHSA-9c9v-w225-v5rg Ghost vulnerable to arbitrary file read via symlinks in content import | CVSS3: 4.9 | 78% Высокий | больше 2 лет назад |
Уязвимостей на страницу