Exploit for SQL Injection in Ghost_D96B5C35-111D-54D3-90D2-4C8CC4B42AA5

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

CVE-2026-26980 — Ghost CMS Content API SQL Injection Lab Unauthenticated blind SQL injection in Ghost CMS via the Content API's slug filter ordering mechanism, allowing arbitrary database reads from any Ghost instance without credentials. | | |...

Visit Original Source

Basic Information

ID D96B5C35-111D-54D3-90D2-4C8CC4B42AA5

Published Apr 17, 2026 at 19:15

{
    "lastseen": "2026-04-17T19:29:31",
    "description": "CVE-2026-26980 \u2014 Ghost CMS Content API SQL Injection Lab Unauthenticated blind SQL injection in Ghost CMS via the Content API's slug filter ordering mechanism, allowing arbitrary database reads from any Ghost instance without credentials. | | |...",
    "published": "2026-04-17T19:15:20",
    "modified": "2026-04-17T19:15:48",
    "type": "githubexploit",
    "title": "Exploit for SQL Injection in Ghost",
    "source": "",
    "references": "",
    "id": "D96B5C35-111D-54D3-90D2-4C8CC4B42AA5",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [
        "CVE-2026-26980",
        "CVE-2026-29053"
    ],
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://github.com/dinosn/ghost-cve-2026-26980",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

💭 Join the Security Discussion ❌ Cancel Reply