2 matches found
SQL Injection
Overview ghost is a publishing platform Affected versions of this package are vulnerable to SQL Injection in the the slug filter ordering logic in the Content API. An attacker can access and read arbitrary data from the database by injecting crafted SQL queries through the filter parameter in API...
CVE-2026-24778
Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that, when accessed by an authenticated staff user or member, would execute JavaScript with the victim's permissions, potentially...