Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-32235

Published: 05/05/2023 Updated: 11/05/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Ghost

Vulnerability Summary

Ghost prior to 5.42.1 allows remote malicious users to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

ghost ghost

Github Repositories

https://github.com/VEEXH/Ghost-Path-Traversal-CVE-2023-32235-

A Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder.

Bug Bounty Report - Ghost Path Traversal (CVE-2023-32235) Summary The Ghost application is vulnerable to a path traversal vulnerability, identified as CVE-2023-32235 This vulnerability allows an attacker to access sensitive files outside the intended directory by manipulating the "packagejson" file path Vulnerability Details CVE ID: CVE-2023-32235 Vulnerability Ty

References

CWE-22https://github.com/TryGhost/Ghost/commit/378dd913aa8d0fd0da29b0ffced8884579598b0fhttps://github.com/TryGhost/Ghost/compare/v5.42.0...v5.42.1https://nvd.nist.govhttps://github.com/VEEXH/Ghost-Path-Traversal-CVE-2023-32235-
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30051remoteCVE-2024-27954CVE-2023-51483CVE-2023-47782SSRFCVE-2024-24715CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook