Intrusion PreventionGhost.CMS.static-theme.js.Path.Traversal
Description
This indicates an attack attempt to exploit a Directory Traversal Vulnerability in Ghost Foundation Ghost.
The vulnerability is due to improper validation of the user-supplied path in the static-theme.js component. A remote, unauthorized attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in disclosing sensitive information.
Affected Products
Ghost Foundation Ghost prior to 5.42.1
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://github.com/advisories/GHSA-wf7x-fh6w-34r6
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2024-07-25 | 28.833 | Name:Ghost. CMS. static-theme. js. Directory. Traversal:Ghost. CMS. static-theme. js. Path. Traversal |
| 2023-08-24 | 25.627 | Sig Added |
| 2023-07-26 | 25.609 | Default_action:pass:drop |
| 2023-07-10 | 24.596 |
| ID | 53095 |
| Created | May 22, 2023 |
| Updated | Jul 23, 2024 |
| Risk |
|
| CVE ID | CVE-2023-32235 |
| Exploit Prediction Score | 91.04% |
| Default Action | drop |
| Active | |
| Affected OS | All |
| Affected App | Other |