The vulnerability of the Ghost content management system, related to inconsistencies in responses to incoming requests, allows a hacker to disclose confidential information.

🗓️ 10 Nov 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Ghost CMS flaw causes inconsistent responses and may disclose confidential data via HTTP request.

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2022-41697	22 Dec 202212:13	–	circl
CNNVD	Ghost CMS 安全漏洞	22 Dec 202200:00	–	cnnvd
CNVD	Ghost Information Disclosure Vulnerability	26 Dec 202200:00	–	cnvd
CVE	CVE-2022-41697	23 Dec 202223:03	–	cve
Cvelist	CVE-2022-41697	23 Dec 202223:03	–	cvelist
Nuclei	Ghost CMS - User Enumeration	11 Jun 202603:33	–	nuclei
NVD	CVE-2022-41697	22 Dec 202210:15	–	nvd
OSV	BIT-GHOST-2022-41697	6 Mar 202410:53	–	osv
Prion	Design/Logic Flaw	22 Dec 202210:15	–	prion
Positive Technologies	PT-2022-7088	22 Dec 202200:00	–	ptsecurity

Vulners

Node

ghost ghostMatch5.9.4

Source	Link
talosintelligence	www.talosintelligence.com/vulnerability_reports/TALOS-2022-1625
bleepingcomputer	www.bleepingcomputer.com/news/security/ghost-cms-vulnerable-to-critical-authentication-bypass-flaw/
web	www.web.nvd.nist.gov/view/vuln/detail
talosintelligence	www.talosintelligence.com/reports/TALOS-2022-1625

10 Nov 2023 00:00Current

6.2Medium risk

Vulners AI Score6.2

CVSS 25

CVSS 35.3

EPSS0.18554

Ghost content management Inconsistent responses Confidential data disclosure Crafted web request Security vulnerability