PT-2022-19000 · Ghost Cms · Ghost Cms

Published: 2022-04-12 · Updated: 2024-08-03 · CVE-2022-28397

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Ghost CMS version 4.42.0

Description

An arbitrary file upload vulnerability in the file upload module of Ghost CMS allows attackers to execute arbitrary code via a crafted file. The vendor states that files can only be uploaded and published by trusted users, which is intentional.

Recommendations

For Ghost CMS version 4.42.0, consider restricting file upload capabilities to trusted users as a mitigation measure until a patch is available. As a temporary workaround, consider disabling the file upload module to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration

Unrestricted File Upload

Related Identifiers

BIT-GHOST-2022-28397
CVE-2022-28397
GHSA-FFHQ-G856-9F2P

Affected Products

Ghost Cms