Lucene search
+L

5 matches found

osv
osv
added 2024/03/06 10:54 a.m.25 views

BIT-GHOST-2022-27139

An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploadin...

9.8CVSS9.7AI score0.0379EPSS
Exploits1References3
github
github
added 2022/04/13 12:0 a.m.105 views

Arbitrary file upload in Ghost

An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file...

9.8CVSS7AI score0.0379EPSS
Exploits1References4Affected Software1
nvd
nvd
added 2022/04/12 5:15 p.m.28 views

CVE-2022-27139

An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploadin...

9.8CVSS0.0379EPSS
Exploits1References2
prion
prion
added 2022/04/12 5:15 p.m.19 views

Remote code execution

DISPUTED An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The...

7.5CVSS9.6AI score0.0379EPSS
Exploits1References2Affected Software1
osv
osv
added 2022/04/12 4:28 p.m.10 views

CVE-2022-27139

An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploadin...

9.8CVSS9.7AI score0.0379EPSS
Exploits1References4
Rows per page
Query Builder