Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-32235

EPSS 94.09% · P100
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-32235

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Ghost 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Ghost CMS是新加坡Ghost基金会的一套使用JavaScript编写的开源无头内容管理系统(CMS)。 Ghost 5.42.1 之前版本存在安全漏洞,该漏洞源于frontend/web/middleware/static-theme.js存在安全问题,攻击者利用该漏洞可以通过目录遍历读取活动主题文件夹内的任意文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2023-32235

#POC DescriptionSource LinkShenlong Link
1A Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder.https://github.com/VEEXH/Ghost-Path-Traversal-CVE-2023-32235-POC Details
2A Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder.https://github.com/AXRoux/Ghost-Path-Traversal-CVE-2023-32235-POC Details
3Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-32235.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-32235

登录查看更多情报信息。

Same Patch Batch · n/a · 2023-05-05 · 21 CVEs total

CVE-2017-201833.5 LOWExternal Media without Import Plugin external-media-without-import.php print_media_new_pan
CVE-2023-29934LLVM project 缓冲区错误漏洞
CVE-2023-30065MitraStar GPT-2741GNAC-N2 安全漏洞
CVE-2023-29963S-CMS 安全漏洞
CVE-2023-29659libheif 数字错误漏洞
CVE-2023-32269Linux kernel 资源管理错误漏洞
CVE-2023-30013TOTOLINK X5000R 操作系统命令注入漏洞
CVE-2023-30243Netcon NS-ASG SQL注入漏洞
CVE-2023-29932LLVM project 缓冲区错误漏洞
CVE-2023-29933LLVM project 缓冲区错误漏洞
CVE-2023-30090SEMCMS 代码问题漏洞
CVE-2023-29935LLVM project 安全漏洞
CVE-2023-29939LLVM project 缓冲区错误漏洞
CVE-2023-29941LLVM project 缓冲区错误漏洞
CVE-2023-29942LLVM project 缓冲区错误漏洞
CVE-2023-30053TOTOLINK A7100RU 操作系统命令注入漏洞
CVE-2023-30054TOTOLINK A7100RU 操作系统命令注入漏洞
CVE-2023-30242Netcon NS-ASG SQL注入漏洞
CVE-2023-30122Online Food Ordering System 代码问题漏洞
CVE-2023-30135Tenda AC18 命令注入漏洞

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2023-32235

No comments yet

Leave a comment