Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

📄 LEPTON 7.4.0 Remote Code Execution

🗓️ 30 Oct 2025 00:00:00Reported by tmrswrr, Hulya KARABAGType 
packetstorm
 packetstorm🔗 packetstorm.news👁 125 Views

Authenticated admin RCE in Lepton seven four zero via droplets enabling arbitrary system commands.

Code
# Exploit Title:  LEPTON 7.4.0 Remote Code Execution (RCE) 
    # Exploit Author: tmrswrr /Hulya KARABAG
    # Vendor Homepage: https://lepton-cms.org/
    # Software Link: https://lepton-cms.org/media/download_gallery/LEPTON_stable_7.4.0.zip
    # Version : LEPTON 7.4.0 stable
    # Date: October 29, 2025  
    
    
    ## Vulnerability Description
    
    LEPTON CMS version 7.4.0 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary system commands through the Droplets functionality. This vulnerability arises from improper input validation and execution control within the Droplets feature.
    
    ## Proof of Concept
    
    ### Prerequisites
    - Valid administrator credentials
    - Access to the LEPTON CMS administrative interface
    
    ### Exploitation Steps
    
    1. Authentication
       - Log into the LEPTON CMS administration panel with administrator privileges
    
    2. Access Droplets Management
       - Navigate to: Menu > Administration > Admin-Tools
       - Select the "Droplets" option
    
    3. Create Malicious Droplet
       - Click "Create New"
       - Enter a droplet name (e.g., `malicious-droplet`)
       - In the code field, insert the payload:
       
          
         echo system('id');
          
       - Click "Save and Back" to store the droplet
    
    4. Trigger Execution
       - Edit or create any page within the CMS
       - In the content editor, insert the droplet using the syntax:
         
         [[malicious-droplet]]
         
       - Save the page modifications
    
    5. Verify Exploitation
       - Preview or visit the modified page
       - The system command output will be displayed, confirming successful code execution

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
30 Oct 2025 00:00Current
8.6High risk
Vulners AI Score8.6
lepton seven four zeroremote command executiondroplets featureauthenticated administratorpayload executionweb application vulnerability
125