10 matches found

GithubExploit
added 2026/03/29 10:0 p.m., 220 views

Exploit for SQL Injection in Ghost

CVE-2026-26980 👻 Ghost CMS Unauthenticated SQLi via Content...

CVSS 9.4 | AI score 6 | EPSS 0.56657
Exploits: 6

CNNVD
added 2026/03/05 12:0 a.m., 4 views

Ghost injection vulnerability

Ghost is a hosting service developed by the Ghost open-source project. Versions of Ghost from 0.7.2 to 6.19.0 have a vulnerability related to injections. This vulnerability arises due to specially crafted malicious themes that may execute arbitrary code on the server...

CVSS 9.8 | AI score 6.2 | EPSS 0.0003
Exploits: 3 | References: 1

CNNVD
added 2026/02/20 12:0 a.m., 5 views

Ghost SQL injection vulnerability

Ghost is a hosting service developed by the Ghost open-source project. Versions of Ghost from 3.24.0 to 6.19.0 have SQL injection vulnerabilities. These vulnerabilities stem from unvalidated code, which may allow unauthorized attackers to execute arbitrary reads from the database...

CVSS 9.4 | AI score 6.3 | EPSS 0.56657
Exploits: 6 | References: 4

RedhatCVE
added 2026/01/29 3:26 a.m., 6 views

CVE-2026-24778

Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions, potentially...

CVSS 8.8 | AI score 5.9 | EPSS 0.0002
Exploits: 0 | References: 1

Github Security Blog
added 2026/01/28 4:11 p.m., 6 views

Ghost vulnerable to XSS via malicious Portal preview links

Impact: An attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions, potentially leading to account takeover. Vulnerable versions: This vulnerability is present in Ghost versions: - v5.43.0 to...

CVSS 8.8 | AI score 6 | EPSS 0.0002
Exploits: 0 | References: 4 | Affected Software: 2

OSV
added 2026/01/28 4:11 p.m., 2 views

GHSA-GV6Q-2M97-882H Ghost vulnerable to XSS via malicious Portal preview links

Impact: An attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions, potentially leading to account takeover. Vulnerable versions: This vulnerability is present in Ghost versions: - v5.43.0 to...

CVSS 8.8 | AI score 6 | EPSS 0.0002
Exploits: 0 | References: 4

OSV
added 2026/01/13 8:40 a.m., 2 views

BIT-GHOST-2026-22595 Ghost has Staff Token permission bypass

Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints to be accessed that were only intended to be accessible via Staff Session authentication. Externa...

CVSS 8.1 | AI score 6.9 | EPSS 0.00038
Exploits: 0 | References: 4

Snyk
added 2026/01/10 3:44 a.m., 2 views

Incorrect Authorization

Overview: ghost is a publishing platform. Affected versions of this package are vulnerable to Incorrect Authorization via improper handling of authentication for endpoints intended for Staff Session access. An attacker can gain unauthorized access to restricted endpoints by using Staff Tokens...

CVSS 8.1 | AI score 7.1 | EPSS 0.00038
Exploits: 0 | References: 2

OSV
added 2026/01/08 9:29 p.m., 4 views

GHSA-5FP7-G646-CCF4 Ghost has Staff 2FA bypass

Impact: A vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. Vulnerable versions: This vulnerability is present in Ghost v5.105.0 to v5.130.5 and Ghost v6.0.0 to v6.10.3. Patches: v5.130.6 and v6.11.0 contain a fix for this issue. References: Ghost thanks Sho Odagiri of G...

CVSS 8.1 | AI score 6.7 | EPSS 0.00015
Exploits: 0 | References: 5

vulnersOsv
added 2022/04/13 12:0 a.m., 0 views

ghost-as-middleware (=1.0.0), ghost-blade (=0.1.0) +3 more potentially affected by CVE-2022-27139 via ghost (>=0.11.14 <=1.26.2)

ghost NPM version =0.11.14, =0.1.7, =0.1.10 - persistent-ghost =0.8.2 - sign-alex =1.0.1 Source cves: CVE-2022-27139 Source advisory: OSV:GHSA-FVC6-QJP7-M4G4...

CVSS 9.8 | AI score 7.2 | EPSS 0.06063
Exploits: 1