Ghost CMS 5.42.1 - Path Traversal (CVE-2023-32235)

high Nessus Plugin ID 271812

Synopsis

Ghost CMS before version 5.42.1 contains a path traversal vulnerability.

Description

The vulnerability exists in the /assets/built/ endpoint, which improperly handles directory traversal sequences (../../), allowing unauthorized file access.
This can lead to disclosure of sensitive configuration files, environment variables, and other critical application data.

Solution

Update to Ghost CMS version 5.42.1 or higher.
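
An added example (not part of the Nessus plugin or of Ghost) for reviewing web access logs for the traversal pattern described above: it flags requests under /assets/built/ that carry a ".." path segment, including percent-encoded and double-encoded forms. The combined log format, the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed combined-format access log line: ip ... "METHOD path PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
PREFIX = "/assets/built/"  # endpoint named in the plugin description

def fully_decode(path, rounds=3):
    """Percent-decode repeatedly so %2e%2e and %252e%252e both become '..'."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def is_traversal(path):
    """True when a request under /assets/built/ contains a '..' path segment."""
    decoded = fully_decode(path.split("?", 1)[0]).replace("\\", "/")
    if not decoded.startswith(PREFIX):
        return False
    # Compare whole segments so names such as '..source.js.map' do not match.
    return ".." in decoded[len(PREFIX):].split("/")

def find_traversal_requests(lines):
    """Return (client_ip, raw_path, status) for each suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_traversal(m.group("path")):
            hits.append((m.group("ip"), m.group("path"), int(m.group("status"))))
    return hits

# Constructed sample log lines (documentation IP ranges, placeholder file name).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/May/2023:10:00:01 +0000] "GET /assets/built/screen.css?v=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [10/May/2023:10:00:05 +0000] "GET /assets/built/../../example.txt HTTP/1.1" 200 812 "-" "curl/8.0"',
    '198.51.100.23 - - [10/May/2023:10:00:06 +0000] "GET /assets/built/%2e%2e/%2e%2e/example.txt HTTP/1.1" 404 0 "-" "curl/8.0"',
    '198.51.100.23 - - [10/May/2023:10:00:07 +0000] "GET /assets/built/%252e%252e%252fexample.txt HTTP/1.1" 404 0 "-" "curl/8.0"',
    '203.0.113.9 - - [10/May/2023:10:00:09 +0000] "GET /assets/built/..source.js.map HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, path, status in find_traversal_requests(SAMPLE_LOG):
        # A 2xx status on a flagged request means content was served: triage first.
        print(f"{ip} {status} {path}")
```

Flagged requests that returned a 2xx status on a host running a version before 5.42.1 deserve priority, since any files served in those responses should be treated as disclosed.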

See Also

https://www.exploit-db.com/exploits/52408

Plugin Details

Severity: High

ID: 271812

File Name: ghost_cms_path_traversal_cve-2023-32235.nbin

Version: 1.1

Type: remote

Family: CGI abuses

Published: 10/28/2025

Updated: 10/28/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vulnerability Information

CPE: cpe:/a:ghost:ghost

Required KB Items: installed_sw/Ghost

Exploited by Nessus: true

Patch Publication Date: 5/5/2023

Vulnerability Publication Date: 5/5/2023

Reference Information

CVE: CVE-2023-32235