一、 漏洞 CVE-2023-40028 基础信息
漏洞标题
通过符号链接在 Ghost 中读取任意文件
来源:AIGC 神龙大模型
漏洞描述信息
通过Ghost中的符号链接实现任意文件读取
来源:AIGC 神龙大模型
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
来源:AIGC 神龙大模型
漏洞类别
在文件访问前对链接解析不恰当(链接跟随)
来源:AIGC 神龙大模型
漏洞标题
Arbitrary file read via symlinks in Ghost
来源:美国国家漏洞数据库 NVD
漏洞描述信息
Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's `content/` folder. Version 5.59.1 contains a fix for this issue. All users are advised to upgrade. There are no known workarounds for this vulnerability.
来源:美国国家漏洞数据库 NVD
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
来源:美国国家漏洞数据库 NVD
漏洞类别
对路径名的限制不恰当(路径遍历)
来源:美国国家漏洞数据库 NVD
漏洞标题
Ghost Foundation Ghost 后置链接漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Ghost Foundation Ghost是Ghost开源的一款用 JavaScript 编写的个人博客系统。 Ghost 5.59.1 版本之前存在后置链接漏洞,该漏洞源于允许经过身份验证的用户上传符号链接文件。攻击者利用该漏洞可以读取任意文件。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
后置链接
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2023-40028 的公开POC
# POC 描述 源链接 神龙链接
1 None https://github.com/0xyassine/CVE-2023-40028 POC详情
2 CVE-2023-40028 wirkt sich auf Ghost, ein Open-Source-Content-Management-System (CMS) aus. https://github.com/BBSynapse/CVE-2023-40028 POC详情
3 CVE-2023-40028 affects Ghost, an open source content management system, where versions prior to 5.59.1 allow authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. https://github.com/0xDTC/Ghost-5.58-Arbitrary-File-Read-CVE-2023-40028 POC详情
4 None https://github.com/sudlit/CVE-2023-40028 POC详情
5 Arbitrary file read in Ghost-CMS allows an attacker to upload a malicious ZIP file with a symlink. https://github.com/monke443/CVE-2023-40028-Ghost-Arbitrary-File-Read POC详情
6 CVE-2023-40028 PoC Exploit https://github.com/rvizx/CVE-2023-40028 POC详情
7 None https://github.com/godylockz/CVE-2023-40028 POC详情
8 None https://github.com/rehan6658/CVE-2023-40028 POC详情
9 CVE-2023-40028 is a security vulnerability affecting Ghost CMS versions prior to 5.59.1. https://github.com/syogod/CVE-2023-40028 POC详情
10 Arbitrary file read in Ghost-CMS allows an attacker to upload a malicious ZIP file with a symlink. https://github.com/monke443/CVE-2023-40028 POC详情
11 POC for CVE-2023-40028: Ghost CMS Arbitrary File Read https://github.com/buutt3rf1y/CVE-2023-40028 POC详情
三、漏洞 CVE-2023-40028 的情报信息