Back to KEVs

CVE-2023-32235

Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory...

Basic Information

CVE State
PUBLISHED
Reserved Date
May 05, 2023
Published Date
May 05, 2023
Last Updated
January 29, 2025
Vendor
n/a
Product
n/a
Description
Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.
Tags
nuclei_scanner

CVSS Scores

CVSS v3.1

7.5 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

SSVC Information

Exploitation
none
Automatable
Yes
Technical Impact
partial

Exploit Status

Proof of Concept Available
Yes (added 2023-07-09 20:01:11 UTC) Source

References

https://github.com/TryGhost/Ghost/commit/378dd913aa8d0fd0da29b0ffced8884579598b0f https://github.com/TryGhost/Ghost/compare/v5.42.0...v5.42.1

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-07-14 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-32235.yaml 2025-04-25 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

AXRoux/Ghost-Path-Traversal-CVE-2023-32235-

Type: github • Created: 2023-07-09 20:01:11 UTC • Stars: 4

A Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder.

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Detected by Nuclei

  • Added to KEVIntel