Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For headers.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NGhost
APPGhostβ€ 5.85.1
Related vulnerabilities
Ghost CMS: nieuwierzytelniony odczyt bazy danych przez SQL injection
Ghost CMS: stored XSS w pliku SVG umoΕΌliwia privilege escalation
An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to exec...
An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute ...
Ghost is a Node.js content management system. From version 5.101.6 to 6.19.2, incomplete CSRF protections arou...