Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Ghost CMS Theme Path Traversal (CVE-2023-32235)

Description

The Ghost CMS is vulnerable to a path traversal vulnerability. An unauthenticated attacker can read arbitrary files within the active theme's folder.

Remediation

Upgrade to the latest version of Ghost CMS

References

Path Traversal in Ghost

Related Vulnerabilities

Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-18670)

Atlassian Jira CVE-2020-14165 Vulnerability (CVE-2020-14165)

ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1963)

Oracle Application Server CVE-2006-3714 Vulnerability (CVE-2006-3714)

SharePoint CVE-2023-21744 Vulnerability (CVE-2023-21744)

Severity

High

Classification

CVE-2023-32235 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal Known Vulnerabilities