Lucene search
K

6 matches found

Packet Storm
Packet Storm
added 2025/08/12 12:0 a.m.133 views

📄 Ghost CMS Path Traversal

Ghost CMS versions prior to 5.42.1 contain a path traversal vulnerability that allows remote attackers to read arbitrary files within the active theme's folder structure. !/usr/bin/env python3 -- coding: utf-8 -- """ Exploit Title: Ghost CMS 5.42.1 - Path Traversal Date: 2023-06-15 Exploit...

7.5CVSS7.3AI score0.39078EPSS
Exploits3
VulnCheck KEV
VulnCheck KEV
added 2023/12/04 12:0 a.m.7 views

VulnCheck KEV: CVE-2023-32235

Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js...

7.5CVSS7.2AI score0.39078EPSS
Exploits3References1
Circl
Circl
added 2023/05/05 12:24 p.m.125 views

CVE-2023-32235

creationtimestamp| type| source ---|---|--- 2023-05-05 12:24:20+00:00| seen| https://t.me/cibsecurity/63356 2023-07-11 13:12:49+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/8650 2023-07-15 21:16:33+00:00| published-proof-of-concept| https://t.me/dilagrafie/3121...

7.5CVSS7.1AI score0.39078EPSS
In wildExploits3References8
Vulnrichment
Vulnrichment
added 2023/05/05 12:0 a.m.13 views

CVE-2023-32235

Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js...

7.4AI score0.39078EPSS
Exploits3References2
OSV
OSV
added 2023/05/05 12:0 a.m.22 views

CVE-2023-32235

Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js...

7.5CVSS7.2AI score0.39078EPSS
Exploits3References4
CVE
CVE
added 2023/05/05 12:0 a.m.153 views

CVE-2023-32235

CVE-2023-32235 affects Ghost CMS up to version 5.42.0 (pre-5.42.1). A path-traversal vulnerability in frontend/web/middleware/static-theme.js allows remote attackers to read arbitrary files within the active theme’s folder by traversing directories via /assets/built%2F..%2F..%2F/. The CVE is well...

7.5CVSS7.3AI score0.39078EPSS
In wildExploits3References2Affected Software1
Rows per page
Query Builder