CVE-2023-32235

HIGH EXPLOITED NUCLEI

Ghost < 5.42.1 - Path Traversal

Title source: rule

Description

Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.

Exploits (3)

exploitdb WORKING POC

by İbrahimsql · pythonwebappsmultiple

https://www.exploit-db.com/exploits/52408

View Code ZIP pw:eip

nomisec WRITEUP 4 stars

by AXRoux · poc

https://github.com/AXRoux/Ghost-Path-Traversal-CVE-2023-32235-

View Code ZIP pw:eip

inthewild WRITEUP

poc

https://github.com/veexh/ghost-path-traversal-cve-2023-32235-

View Code ZIP pw:eip

Nuclei Templates (1)

Ghost CMS < 5.42.1 - Path Traversal

HIGHVERIFIEDby j3ssie

Shodan: http.component:"Ghost" || http.component:"ghost"

References (2)

[Patch] https://github.com/TryGhost/Ghost/commit/378dd913aa8d0fd0da29b0ffced8884579598b0f

[Release Notes] https://github.com/TryGhost/Ghost/compare/v5.42.0...v5.42.1

Scores

CVSS v3 7.5

EPSS 0.9409

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2023-12-04

CWE

CWE-22

Status published

Products (2)

ghost/ghost < 5.42.1

npm/ghost 0 - 5.42.1npm

Published May 05, 2023

Tracked Since Feb 18, 2026