CVE-2026-28785
- Source
- https://cve.org/CVERecord?id=CVE-2026-28785
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-28785.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-28785
- Aliases
-
- GHSA-m5cc-7jw5-34xp
- Published
- 2026-03-06T04:27:07.645Z
- Modified
- 2026-04-10T05:42:29.903354Z
- Severity
-
- 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Ghostfolio: Time-Based Blind SQL Injection in Manual Asset Import
- Details
-
Ghostfolio is an open source wealth management software. Prior to version 2.244.0, by bypassing symbol validation, an attacker can execute arbitrary SQL commands via the getHistorical() method, potentially allowing them to read, modify, or delete sensitive financial data for all users in the database. This issue has been patched in version 2.244.0.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-89" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/28xxx/CVE-2026-28785.json" }- References
Affected packages
Git / github.com/ghostfolio/ghostfolio
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ghostfolio/ghostfolio
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.116.0
1.117.0
1.118.0
1.120.0
1.121.0
1.122.0
1.123.0
1.124.0
1.125.0
1.126.0
1.127.0
1.128.0
1.129.0
1.130.0
1.131.0
1.131.1
1.132.0
1.132.1
1.133.0
1.134.0
1.135.0
1.136.0
1.137.0
1.138.0
1.139.0
1.140.0
1.140.1
1.140.2
1.141.0
1.141.1
1.142.0
1.143.0
1.144.0
1.145.0
1.146.0
1.146.1
1.146.2
1.146.3
1.147.0
1.148.0
1.149.0
1.150.0
1.151.0
1.152.0
1.153.0
1.154.0
1.155.0
1.156.0
1.157.0
1.158.0
1.158.1
1.159.0
1.160.0
1.161.0
1.161.1
1.162.0
1.163.0
1.164.0
1.165.0
1.166.0
1.167.0
1.168.0
1.169.0
1.170.0
1.171.0
1.172.0
1.173.0
1.174.0
1.175.0
1.176.0
1.176.1
1.176.2
1.177.0
1.178.0
1.179.0
1.179.1
1.179.2
1.179.3
1.179.4
1.179.5
1.180.0
1.180.1
1.181.0
1.181.1
1.181.2
1.182.0
1.183.0
1.184.0
1.184.1
1.184.2
1.185.0
1.186.0
1.186.1
1.186.2
1.187.0
1.188.0
1.189.0
1.190.0
1.191.0
1.192.0
1.193.0
1.194.0
1.195.0
1.196.0
1.197.0
1.198.0
1.199.0
1.199.1
1.200.0
1.201.0
1.202.0
1.203.0
1.204.0
1.204.1
1.205.0
1.205.1
1.205.2
1.206.0
1.206.1
1.206.2
1.207.0
1.208.0
1.209.0
1.210.0
1.211.0
1.212.0
1.213.0
1.214.0
1.215.0
1.216.0
1.217.0
1.218.0
1.219.0
1.220.0
1.221.0
1.222.0
1.223.0
1.224.0
1.225.0
1.226.0
1.227.0
1.227.1
1.228.0
1.228.1
1.229.0
1.230.0
1.231.0
1.232.0
1.233.0
1.234.0
1.235.0
1.236.0
1.237.0
1.238.0
1.239.0
1.240.0
1.241.0
1.242.0
1.243.0
1.244.0
1.245.0
1.246.0
1.247.0
1.248.0
1.249.0
1.250.0
1.251.0
1.252.0
1.252.1
1.252.2
1.253.0
1.254.0
1.255.0
1.256.0
1.257.0
1.258.0
1.259.0
1.260.0
1.261.0
1.262.0
1.263.0
1.264.0
1.265.0
1.266.0
1.267.0
1.268.0
1.269.0
1.270.0
1.270.1
1.271.0
1.272.0
1.273.0
1.274.0
1.275.0
1.276.0
1.277.0
1.278.0
1.279.0
1.280.0
1.280.1
1.281.0
1.282.0
1.283.0
1.283.1
1.283.2
1.283.3
1.283.4
1.283.5
1.284.0
1.285.0
1.286.0
1.287.0
1.288.0
1.289.0
1.290.0
1.291.0
1.292.0
1.293.0
1.294.0
1.295.0
1.296.0
1.297.0
1.297.1
1.297.2
1.297.3
1.297.4
1.298.0
1.299.0
1.299.1
1.300.0
1.301.0
1.301.1
1.302.0
1.303.0
1.304.0
1.305.0
2.*
2.0.0
2.1.0
2.10.0
2.100.0
2.101.0
2.102.0
2.103.0
2.103.0-alpha
2.104.0
2.104.1
2.105.0
2.106.0
2.106.0-alpha.1
2.106.0-beta.1
2.106.0-beta.2
2.106.0-beta.3
2.106.0-beta.4
2.106.0-beta.5
2.106.0-beta.6
2.107.0
2.107.1
2.108.0
2.109.0
2.11.0
2.110.0
2.111.0
2.112.0
2.113.0
2.114.0
2.115.0
2.116.0
2.117.0
2.118.0
2.119.0
2.12.0
2.120.0
2.121.0
2.121.1
2.122.0
2.123.0
2.124.0
2.124.1
2.125.0
2.126.0
2.126.1
2.127.0
2.128.0
2.129.0
2.13.0
2.130.0
2.131.0
2.132.0
2.133.0
2.133.1
2.134.0
2.135.0
2.136.0
2.137.0
2.137.1
2.138.0
2.139.0
2.139.1
2.14.0
2.140.0
2.141.0
2.142.0
2.143.0
2.144.0
2.145.0
2.145.1
2.146.0
2.147.0
2.148.0
2.149.0
2.15.0
2.150.0
2.151.0
2.152.0
2.152.1
2.153.0
2.154.0
2.155.0
2.156.0
2.157.0
2.157.1
2.158.0
2.159.0
2.16.0
2.160.0
2.161.0
2.162.0
2.162.1
2.163.0
2.164.0
2.165.0
2.166.0
2.167.0
2.168.0
2.169.0
2.17.0
2.170.0
2.171.0
2.171.0-beta.4
2.172.0
2.173.0
2.174.0
2.175.0
2.176.0
2.177.0
2.178.0
2.179.0
2.18.0
2.180.0
2.181.0
2.182.0
2.183.0
2.184.0
2.185.0
2.186.0
2.187.0
2.188.0
2.189.0
2.19.0
2.190.0
2.191.0
2.191.1
2.192.0
2.193.0
2.194.0
2.195.0
2.196.0
2.197.0
2.198.0
2.199.0
2.199.0-beta.0
2.2.0
2.20.0
2.200.0
2.201.0
2.202.0
2.203.0
2.204.0
2.205.0
2.206.0
2.207.0
2.208.0
2.209.0
2.21.0
2.210.0
2.210.1
2.211.0
2.211.0-beta.0
2.212.0
2.213.0
2.214.0
2.215.0
2.215.0-beta.1
2.216.0
2.217.0
2.217.1
2.218.0
2.219.0
2.22.0
2.220.0
2.221.0
2.222.0
2.223.0
2.224.0
2.224.1
2.224.2
2.225.0
2.226.0
2.227.0
2.228.0
2.229.0
2.23.0
2.230.0
2.231.0
2.232.0
2.233.0
2.234.0
2.235.0
2.236.0
2.237.0
2.238.0
2.239.0
2.24.0
2.240.0
2.241.0
2.242.0
2.243.0
2.25.0
2.25.1
2.26.0
2.27.0
2.27.1
2.28.0
2.29.0
2.3.0
2.30.0
2.31.0
2.32.0
2.33.0
2.34.0
2.35.0
2.36.0
2.37.0
2.38.0
2.39.0
2.4.0
2.40.0
2.41.0
2.42.0
2.43.0
2.43.1
2.44.0
2.45.0
2.46.0
2.47.0
2.48.0
2.48.1
2.49.0
2.5.0
2.50.0
2.51.0
2.52.0
2.53.0
2.53.1
2.54.0
2.55.0
2.56.0
2.57.0
2.58.0
2.59.0
2.6.0
2.60.0
2.61.0
2.61.1
2.62.0
2.63.0
2.63.1
2.63.2
2.64.0
2.65.0
2.66.0
2.66.1
2.66.2
2.66.3
2.67.0
2.68.0
2.69.0
2.7.0
2.70.0
2.71.0
2.72.0
2.73.0
2.74.0
2.75.0
2.75.1
2.76.0
2.77.0
2.77.1
2.78.0
2.79.0
2.8.0
2.80.0
2.81.0
2.82.0
2.83.0
2.84.0
2.85.0
2.86.0
2.87.0
2.88.0
2.89.0
2.9.0
2.90.0
2.91.0
2.92.0
2.93.0
2.94.0
2.95.0
2.96.0
2.97.0
2.98.0
2.99.0
V1.*
V1.49.0
v.*
v.1.5.0
v0.*
v0.85.0
v0.86.1
v0.87.0
v0.88.0
v0.89.0
v0.90.0
v0.91.0
v0.92.0
v0.94.0
v0.95.0
v0.96.0
v0.97.0
v0.98.0
v0.99.0
v1.*
v1.0.0
v1.1.0
v1.10.0
v1.10.1
v1.100.0
v1.101.0
v1.102.0
v1.103.0
v1.104.0
v1.105.0
v1.106.0
v1.107.0
v1.108.0
v1.109.0
v1.11.0
v1.110.0
v1.111.0
v1.112.0
v1.112.1
v1.113.0
v1.114.1
v1.115.0
v1.12.0
v1.13.0
v1.14.0
v1.15.0
v1.16.0
v1.17.0
v1.18.0
v1.19.0
v1.2.0
v1.2.1
v1.20.0
v1.21.0
v1.22.0
v1.23.0
v1.23.1
v1.24.0
v1.25.0
v1.26.0
v1.27.0
v1.28.0
v1.29.0
v1.3.0
v1.30.0
v1.31.0
v1.31.1
v1.32.0
v1.33.0
v1.34.0
v1.35.0
v1.36.0
v1.37.0
v1.38.0
v1.39.0
v1.4.0
v1.40.0
v1.41.0
v1.42.0
v1.43.0
v1.44.0
v1.45.0
v1.46.0
v1.47.1
v1.48.0
v1.49.0
v1.5.0
v1.51.0
v1.52.0
v1.53.0
v1.54.0
v1.55.0
v1.56.0
v1.57.0
v1.58.0
v1.58.1
v1.59.0
v1.6.0
v1.60.0
v1.61.0
v1.62.0
v1.63.0
v1.64.0
v1.65.0
v1.66.0
v1.67.0
v1.68.0
v1.69.0
v1.7.0
v1.70.0
v1.71.0
v1.72.0
v1.73.0
v1.74.0
v1.75.0
v1.76.0
v1.77.0
v1.78.0
v1.79.0
v1.8.0
v1.80.0
v1.81.0
v1.82.0
v1.83.0
v1.84.0
v1.85.0
v1.86.0
v1.87.0
v1.88.0
v1.89.0
v1.9.0
v1.90.0
v1.91.0
v1.92.0
v1.93.0
v1.94.0
v1.95.0
v1.96.0
v1.97.0
v1.98.0
v1.99.0