CVE-2022-41697

MEDIUM NUCLEI

Ghost Foundation Ghost <5.9.4 - Info Disclosure

Title source: llm

Description

A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this vulnerability.

Nuclei Templates (1)

Ghost CMS - User Enumeration

MEDIUMVERIFIEDby ritikchaddha

Shodan: http.component:"ghost"

FOFA: app="Ghost"

References (1)

[Exploit, Third Party Advisory] https://talosintelligence.com/vulnerability_reports/TALOS-2022-1625

Scores

CVSS v3 5.3

EPSS 0.1308

EPSS Percentile 94.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-204

Status published

Products (1)

ghost/ghost 5.9.4

Published Dec 22, 2022

Tracked Since Feb 18, 2026