Ghost SQL注入漏洞

Ghost is a hosting service developed by the Ghost open-source project. Versions of Ghost from 3.24.0 to 6.19.0 have SQL injection vulnerabilities. These vulnerabilities stem from unvalidated code, which may allow unauthorized attackers to execute arbitrary reads from the database...

Ghost cross-site scripting vulnerabilities

Ghost is a hosting service developed by the Ghost open-source project. Versions of Ghost from 5.43.0 to 5.12.04, as well as 6.0.0 to 6.14.0, have a cross-site scripting vulnerability. This vulnerability arises because specially crafted links may execute JavaScript, potentially leading to account...

Ghost 授权问题漏洞

Ghost is a hosting service of Ghost Open Source. An authorization issue vulnerability exists in Ghost versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, which stems from a flaw in Ghost's two-factor authentication mechanism that could cause a staff user to skip two-factor authentication f...