CVE-2023-32235

CVSS 7.5 HIGHEPSS 39.1%CWE-22

Vexday Risk Score

68High priority

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 7.5EPSS 39.1%KEV nãoPoC públicaNuclei simMetasploit —Patch —

Lifecycle

05 May 2023Published on NVD

09 Jul 2023Public PoC

Recommendation: Plan a near-term fix — a public PoC already exists.

Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

n/a · n/a

public PoCs found — 2

githubgithub.com/AXRoux/Ghost-Path-Traversal-CVE-2023-32235-★ 4 exploitdbwww.exploit-db.com/exploits/52408unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/TryGhost/Ghost/commit/378dd913aa8d0fd0da29b0ffced8884579598b0f https://github.com/TryGhost/Ghost/compare/v5.42.0...v5.42.1