
CVSS: 8.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external networks or otherwise interact with internal systems.

• https://hackerone.com/reports/793704
• CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport=true downloads of exported data. The Ghost plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp-admin/tools.php?

• https://packetstormsecurity.com/files/136887
• https://wordpress.org/plugins/ghost/#developers
• CWE-287: Improper Authentication
• CWE-862: Missing Authorization