6 matches found
📄 Ghost CMS Path Traversal
Ghost CMS versions prior to 5.42.1 contain a path traversal vulnerability that allows remote attackers to read arbitrary files within the active theme's folder structure. !/usr/bin/env python3 -- coding: utf-8 -- """ Exploit Title: Ghost CMS 5.42.1 - Path Traversal Date: 2023-06-15 Exploit...
VulnCheck KEV: CVE-2023-32235
Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js...
CVE-2023-32235
creationtimestamp| type| source ---|---|--- 2023-05-05 12:24:20+00:00| seen| https://t.me/cibsecurity/63356 2023-07-11 13:12:49+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/8650 2023-07-15 21:16:33+00:00| published-proof-of-concept| https://t.me/dilagrafie/3121...
CVE-2023-32235
Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js...
CVE-2023-32235
Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js...
CVE-2023-32235
CVE-2023-32235 affects Ghost CMS up to version 5.42.0 (pre-5.42.1). A path-traversal vulnerability in frontend/web/middleware/static-theme.js allows remote attackers to read arbitrary files within the active theme’s folder by traversing directories via /assets/built%2F..%2F..%2F/. The CVE is well...