An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional.
Metrics
Affected Vendors & Products
References
History
Sun, 05 Jul 2026 12:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional | An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional. |
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-07-09T00:18:33.337Z
Reserved: 2022-04-04T00:00:00.000Z
Link: CVE-2022-28397
No data.
Status : Modified
Published: 2022-04-12T17:15:10.730
Modified: 2026-06-17T04:38:29.837
Link: CVE-2022-28397
No data.
OpenCVE Enrichment
No data.