#cwe-89

[ follow ]
#ghost-cms #sql-injection #unauthenticated-access #cve-2026-26980
fromNist
17 hours ago
Node JS

NVD

Unauthenticated attackers can read arbitrary database data in Ghost versions 3.24.0 through 6.19.0 via an SQL injection flaw, fixed in 6.19.1.
[ Load more ]