13 matches found
CVE-2023-40028
Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can...
Exploit for Path Traversal in Ghost
CVE-2023-40028 POC for CVE-2023-40028: Ghost CMS Arbitrary Fil...
CVE-2023-40028
creationtimestamp| type| source ---|---|--- 2025-03-07 10:00:06+00:00| published-proof-of-concept| Telegram/DSUpJzd535KWvozjCvixS0aCLxmEfW4QzhCQOssRq3Zo9k 2025-04-12 15:00:15+00:00| seen| https://bsky.app/profile/0xdf.bsky.social/post/3lmmsdrpgls2z 2025-04-14 23:00:06+00:00|...
Exploit for Path Traversal in Ghost
CVE-2023-40028: Ghost CMS Symlink Exploitation PoC Overv...
Ghost CMS 5.59.1 Arbitrary File Read
Ghost CMS version 5.59.1 proof of concept arbitrary file reading exploit. ============================================================================================================================================= | Title : Ghost CMS v 5.59.1 PHP Code Injection Vulnerability | | Author :...
Exploit for Path Traversal in Ghost
CVE-2023-40028: Ghost CMS Arbitrary File Read Description...
Exploit for Path Traversal in Ghost
CVE-2023-40028 PoC Exploit Symlink Upload Vulnerability in Gho...
Exploit for Path Traversal in Ghost
Proof of Concept PoC for CVE-2023-40028 CVE-2023-40028 is a...
Exploit for Path Traversal in Ghost
Ghost Arbitrary File Read Exploit CVE-2023-40028 Over...
Exploit for Path Traversal in Ghost
CVE-2023-40028 Proof of Concept This repository contains a pr...
ghost-as-middleware (=1.0.0), ghost-blade (=0.1.0) +3 more potentially affected by CVE-2023-40028 via ghost (>=0.11.14 <=1.26.2)
ghost NPM version =0.11.14, =0.1.7, =0.1.10 - persistent-ghost =0.8.2 - sign-alex =1.0.1 Source cves: CVE-2023-40028 Source advisory: OSV:GHSA-9C9V-W225-V5RG...
CVE-2023-40028 Arbitrary file read via symlinks in Ghost
Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can...
CVE-2023-40028
CVE-2023-40028 affects Ghost CMS versions prior to 5.59.1. The issue arises in the file upload mechanism where authenticated users can upload symlinks, enabling arbitrary file reads on the host (e.g., reading sensitive files outside the Ghost content directory). The primary documented impact is i...