17 matches found

GithubExploit
added 2026/05/29 4:16 a.m., 67 views

Exploit for SQL Injection in Ghost

version Unauthenticated Stored Cross-Site Scripting CVE-2026-...

9.4 CVSS | 6.1 AI score | 0.56657 EPSS
Exploits 6

Packet Storm
added 2026/04/23 12:0 a.m., 75 views

📄 Ghost CMS 6.19.0 SQL Injection

This is a Metasploit auxiliary module targeting a blind, unauthenticated SQL injection vulnerability in the Ghost CMS Content API that affects versions 3.24.0 through 6.19.0...

9.4 CVSS | 6 AI score | 0.56657 EPSS
Exploits 6

OSV
added 2026/03/07 8:42 a.m., 2 views

BIT-GHOST-2026-29053 Ghost Vulnerable to Remote Code Execution via Malicious Themes

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1...

9.8 CVSS | 6.1 AI score | 0.0003 EPSS
Exploits 3 | References 2

RedhatCVE
added 2026/03/06 7:52 a.m., 2 views

CVE-2026-29053

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1...

9.8 CVSS | 6.1 AI score | 0.0003 EPSS
Exploits 3 | References 1

Vulnrichment
added 2026/03/05 5:51 a.m., 2 views

CVE-2026-29053 Ghost Vulnerable to Remote Code Execution via Malicious Themes

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1...

7.6 CVSS | 6.2 AI score | 0.0003 EPSS
Exploits 3 | References 1

Cvelist
added 2026/03/05 5:51 a.m., 26 views

CVE-2026-29053 Ghost Vulnerable to Remote Code Execution via Malicious Themes

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1...

7.6 CVSS | 0.0003 EPSS
Exploits 3 | References 1

OSV
added 2026/03/05 5:51 a.m., 2 views

CVE-2026-29053 Ghost Vulnerable to Remote Code Execution via Malicious Themes

Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1...

7.6 CVSS | 6 AI score | 0.0003 EPSS
Exploits 3 | References 3

CNNVD
added 2026/03/05 12:0 a.m., 4 views

Ghost Injection Vulnerability

Ghost is a hosting service developed by the Ghost open-source project. Versions of Ghost from 0.7.2 to 6.19.0 have a vulnerability related to injections. This vulnerability arises due to specially crafted malicious themes that may execute arbitrary code on the server...

9.8 CVSS | 6.2 AI score | 0.0003 EPSS
Exploits 3 | References 1

RedhatCVE
added 2026/02/21 1:28 a.m., 5 views

CVE-2026-26980

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1...

9.4 CVSS | 5.6 AI score | 0.56657 EPSS
Exploits 6 | References 1

Vulnrichment
added 2026/02/20 1:0 a.m., 3 views

CVE-2026-26980 Ghost has a SQL Injection in its Content API

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1...

9.4 CVSS | 5.7 AI score | 0.56657 EPSS
Exploits 6 | References 3

CVE
added 2026/02/20 1:0 a.m., 58 views

CVE-2026-26980

CVE-2026-26980 is Ghost CMS unauthenticated SQL injection in the Content API (pre-6.19.1). Affected Ghost versions are 3.24.0 through 6.19.0; fixed in 6.19.1. The vulnerability allows reading arbitrary data from the database, with reports indicating attackers can exfiltrate sensitive data such as...

9.4 CVSS | 5.7 AI score | 0.56657 EPSS
In wild | Exploits 6 | References 4 | Affected Software 1

Cvelist
added 2026/02/20 1:0 a.m., 26 views

CVE-2026-26980 Ghost has a SQL Injection in its Content API

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1...

9.4 CVSS | 0.56657 EPSS
Exploits 6 | References 3

OSV
added 2026/02/18 9:50 p.m., 3 views

GHSA-W52V-V783-GW97 Ghost has a SQL injection in Content API

Impact: A SQL injection vulnerability existed in Ghost's Content API that allowed unauthenticated attackers to read arbitrary data from the database. Vulnerable Versions: This vulnerability is present in Ghost v3.24.0 to v6.19.0. Patches: v6.19.1 contains a fix for this issue. Note: as this...

9.4 CVSS | 6.2 AI score | 0.56657 EPSS
Exploits 6 | References 5

Positive Technologies
added 2026/02/18 12:0 a.m., 2 views

PT-2026-20787

Name of the Vulnerable Software and Affected Versions: Ghost versions 3.24.0 through 6.19.0. Description: A blind SQL injection exists in the Content API of Ghost, a Node.js content management system. This flaw allows unauthenticated attackers to perform arbitrary reads from the database by sending...

9.4 CVSS | 6.2 AI score | 0.56657 EPSS
Exploits 6 | References 132

Positive Technologies
added 2026/01/01 12:0 a.m., 3 views

PT-2026-6115

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.19.0-rc2+. Description: The Linux kernel contains an issue within the ena network driver related to a missing lock when updating devlink parameters. Specifically, a warning was observed during the call to devl...

5.3 AI score | 0.00035 EPSS
Exploits 0 | References 6

Vulnrichment
added 2025/11/10 9:56 p.m., 1 views

CVE-2025-64507 Incus vulnerable to local privilege escalation through custom storage volumes

Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true...

8.6 CVSS | 6.3 AI score | 0.0003 EPSS
Exploits 1 | References 3

CNNVD
added 2023/10/22 12:0 a.m., 2 views

Kovid Goyal Calibre Code Issue Vulnerability

Kovid Goyal Calibre is an open source, free, all-in-one eBook reading management and formatting tool by Kovid Goyal, an individual developer in India. A security vulnerability exists in Kovid Goyal Calibre versions prior to 6.19.0, which stems from the default ability to add resources outside of...

7.5 CVSS | 6.8 AI score | 0.00567 EPSS
Exploits 1 | References 4