CVE-2023-40028

Published: 15/08/2023 Updated: 23/08/2023
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

Ghost is an open source content management system. Versions before 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's `content/` folder. Version 5.59.1 contains a fix for this issue. All users are advised to upgrade. There are no known workarounds for this vulnerability.
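The check the summary describes (looking for unknown symlinks within Ghost's `content/` folder) can be scripted as below. This is an added example, not code from Ghost or from this advisory; the default path `content` and the function name `find_symlinks` are assumptions. It lists every symlink under the folder and flags those whose target resolves outside it, leaving the administrator to decide which links are expected for the installation.

```python
import os
import sys


def find_symlinks(content_root):
    """Return (path, raw_target, escapes_root) for each symlink under content_root."""
    root = os.path.realpath(content_root)
    findings = []
    # followlinks=False: symlinked directories are reported but never descended into.
    for dirpath, dirnames, filenames in os.walk(content_root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            raw_target = os.readlink(path)
            resolved = os.path.realpath(path)  # follows chains; tolerates dangling links
            # A link "escapes" when its final target is not inside the content folder.
            escapes = os.path.commonpath([root, resolved]) != root
            findings.append((path, raw_target, escapes))
    return findings


if __name__ == "__main__":
    # Assumed default: run from the Ghost install directory, or pass the folder explicitly.
    folder = sys.argv[1] if len(sys.argv) > 1 else "content"
    results = find_symlinks(folder)
    for path, raw_target, escapes in results:
        label = "OUTSIDE-CONTENT" if escapes else "inside-content"
        print(f"{label}\t{path} -> {raw_target}")
    # Non-zero exit when any link points outside the folder, for use in scheduled checks.
    sys.exit(1 if any(e for _, _, e in results) else 0)
```

A link flagged `OUTSIDE-CONTENT` is not proof of exploitation on its own; compare the list against links your own deployment created and treat the remainder as the "unknown symlinks" the advisory refers to.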

Vulnerable Product

ghost ghost

Vendor Advisories

Check Point Reference: CPAI-2023-1622 Date Published: 7 Apr 2024 Severity: Medium ...

Github Repositories

CVE-2023-40028 Proof of Concept. This repository contains a proof of concept (POC) for CVE-2023-40028, demonstrating a vulnerability in the Ghost content management system where authenticated users can upload symlinks, leading to arbitrary file read vulnerabilities. Disclaimer: This POC is provided for educational and research purposes only. It is strictly forbidden to use this P

Automated tool designed to streamline the search and identification of Proofs of Concept (POCs)

POC Seeker. POC Seeker is an innovative tool designed to streamline the process of finding and analyzing Proof of Concept (PoC) codes for known Common Vulnerabilities and Exposures (CVEs). Features: CVE Search: Quickly search for CVEs to find associated PoC exploits. Database Integration: Access a comprehensive database of CVEs with their detailed descriptions and associated Po