CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-29484 – DOM XSS in Theme Preview
https://notcve.org/view.php?id=CVE-2021-29484
29 Apr 2021 — Ghost is a Node.js CMS. An unused endpoint added during the development of 4.0.0 has left sites vulnerable to untrusted users gaining access to Ghost Admin. Attackers can gain access by getting logged in users to click a link containing malicious code. Users do not need to enter credentials and may not know they've visited a malicious site. Ghost(Pro) has already been patched. • https://blog.sonarsource.com/ghost-admin-takeover • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-8134
https://notcve.org/view.php?id=CVE-2020-8134
20 Mar 2020 — Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan local or external network or otherwise interact with internal systems. Una vulnerabilidad de tipo Server-side request forgery (SSRF) en Ghost CMS versiones anteriores a 3.10.0, permite a un atacante escanear redes locales o externas o si no interactuar con sistemas internos. • https://hackerone.com/reports/793704 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2016-10983 – Ghost <= 0.5.5 - Missing Authorization Checks
https://notcve.org/view.php?id=CVE-2016-10983
28 Apr 2016 — The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport=true downloads of exported data. El plugin ghost versiones anteriores a 0.5.6 para WordPress, no posee un control de acceso para descargas de datos exportados de wp-admin/tools.php?ghostexport=true . The Ghost plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp-admin/tools.php? • https://packetstormsecurity.com/files/136887 • CWE-287: Improper Authentication CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 3CVE-2010-1066 – AWCM - Database Disclosure
https://notcve.org/view.php?id=CVE-2010-1066
23 Mar 2010 — AR Web Content Manager (AWCM) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for control/db_backup.php. AR Web Content Manager (AWCM) v2.1 almacena información sensible bajo el directorio web raíz con un control de acceso insuficiente, lo que permite a atacantes remotos descargar la base de datos a través de una petición directa para control/db_backup.php. • https://www.exploit-db.com/exploits/11025 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 3CVE-2009-3219 – AWCM 2.1 - Local File Inclusion / Authentication Bypass
https://notcve.org/view.php?id=CVE-2009-3219
16 Sep 2009 — Directory traversal vulnerability in a.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the a parameter. Vulnerabilidad de salto de directorio en a.php en AR Web Content Manager (AWCM) v2.1, cuando magic_quotes_gpc es desactivado, permite a atacantes remotos incluir y ejecutar archivos locales de su elección a través de ... (punto a punto) en el parámetro a. • https://www.exploit-db.com/exploits/9237 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2009-3218 – AWCM 2.1 - Local File Inclusion / Authentication Bypass
https://notcve.org/view.php?id=CVE-2009-3218
16 Sep 2009 — SQL injection vulnerability in control/login.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. Vulnerabilidad de inyección SQL en control/login.php en AR Web Content Manager (AWCM) v2.1, cuando magic_quotes_gpc es disactivado, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro username. • https://www.exploit-db.com/exploits/9237 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •