Ghost has a SQL Injection in its Content API

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

Ghost SQL注入漏洞

Ghost是Ghost开源的一个托管服务。 Ghost 3.24.0版本至6.19.0版本存在SQL注入漏洞，该漏洞源于未经验证，可能导致未授权攻击者从数据库执行任意读取。

N/A

N/A