Description
An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
Github GHSA |
GHSA-ffhq-g856-9f2p | Arbitrary file upload in Ghost |
References
History
Sun, 05 Jul 2026 12:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional | An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional. |
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-07-09T00:18:33.337Z
Reserved: 2022-04-04T00:00:00.000Z
Link: CVE-2022-28397
No data.
Status : Modified
Published: 2022-04-12T17:15:10.730
Modified: 2026-06-17T04:38:29.837
Link: CVE-2022-28397
No data.
OpenCVE Enrichment
No data.
Weaknesses
Github GHSA