Description
An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-ffhq-g856-9f2p | Arbitrary file upload in Ghost |
References
History
Sun, 05 Jul 2026 12:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional | An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional. |
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-07-09T00:18:33.337Z
Reserved: 2022-04-04T00:00:00.000Z
Link: CVE-2022-28397
No data.
Status : Modified
Published: 2022-04-12T17:15:10.730
Modified: 2026-06-17T04:38:29.837
Link: CVE-2022-28397
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-434
Unrestricted Upload of File with Dangerous Type
Github GHSA