CVE-2022-41654 CRITICAL

CVE-2022-41654

Vendor Ghost Foundation

Product Ghost

Weakness CWE-284

Published December 23, 2022

Last update April 14, 2025

View on NVD All CVEs

CVSS base score

9.6/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.

Key dates

02Disclosure timeline

December 23, 2022 CVE published

April 14, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-41654

Related vulnerabilities

04Related CVE

CVE-2026-20843 Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability CVE-2024-0373 Views for WPForms <= 3.2.2 - Cross-Site Request Forgery via save_view CVE-2024-7553 Accessing Untrusted Directory May Allow Local Privilege Escalation CVE-2024-32973 Remote for TLS session may be trusted despite constraints in Pluto lang CVE-2021-40112 Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities