3 matches found
CVE-2026-22596
Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. This issue has been patched in...
CVE-2026-22596 Ghost has SQL Injection in Members Activity Feed
Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authentication credentials for the Admin API to execute arbitrary SQL. This issue has been patched in...
PT-2026-2218
Name of the Vulnerable Software and Affected Versions Ghost versions 5.90.0 through 5.130.5 Ghost versions 6.0.0 through 6.10.3 Description Ghost is a Node.js content management system. A flaw in the /ghost/api/admin/members/events API endpoint permits authenticated Admin API users to execute...