27 matches found
CVE-2024-24520
An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place...
CVE-2020-24872
Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code...
CVE-2024-24520
CVE-2024-24520 affects Lepton CMS v7.0.0. The issue is a local arbitrary-code execution via the upgrade.php file in the languages place, enabling a local attacker to compromise the system. According to Red Hat and CNNVD records, the vulnerability exists in Lepton CMS 7.0.0. The Red Hat entry and ...
Lepton CMS 7.0.0 Remote Code Execution Vulnerability
Exploit Title: LeptonCMS Version : 7.0.0 Remote Code Execution Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://www.lepton-cms.com/ Version : 7.0.0 Tested on: https://www.softaculous.com/apps/cms/LEPTON 1 Login with admin cred https://127.0.0.1/LEPTON/backend/login/index.php 2 G...
LeptonCMS Cross-Site Scripting Vulnerability (CNVD-2020-35505)
LeptonCMS is a content management system (CMS) for the Lepton Project. A cross-site scripting vulnerability exists in the modules/wysiwyg/save.php file in LeptonCMS version 4.5.0. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can...
LEPTON 2.2.2 - SQL Injection
LEPTON 2.2.2 - SQL Injection Security Advisory - Curesec Research Team 1. Introduction Affected Product: LEPTON 2.2.2 stable Fixed in: 2.3.0 Fixed Version Link: http://www.lepton-cms.org/posts/important-lepton-2.3.0-101.php Vendor Website: http://www.lepton-cms.org/ Vulnerability Type: SQL...
LEPTON 2.2.2 - SQL Injection
Security Advisory - Curesec Research Team 1. Introduction Affected Product: LEPTON 2.2.2 stable Fixed in: 2.3.0 Fixed Version Link: http://www.lepton-cms.org/posts/important-lepton-2.3.0-101.php Vendor Website: http://www.lepton-cms.org/ Vulnerability Type: SQL Injection Remote Exploitable: Yes...
LEPTON 2.2.2 - Remote Code Execution
Security Advisory - Curesec Research Team 1. Introduction Affected Product: LEPTON 2.2.2 stable Fixed in: 2.3.0 Fixed Version Link: http://www.lepton-cms.org/posts/important-lepton-2.3.0-101.php Vendor Website: http://www.lepton-cms.org/ Vulnerability Type: Code Execution Remote Exploitable: Yes...
Lepton 2.2.2 Stable Shell Upload Vulnerability
Lepton version 2.2.2 Stable suffers from a remote code execution vulnerability via a remote shell upload. 1. Introduction Affected Product: LEPTON 2.2.2 stable Fixed in: 2.3.0 Fixed Version Link: http://www.lepton-cms.org/posts/important-lepton-2.3.0-101.php Vendor Website:...
Lepton 2.2.2 Stable SQL Injection
Security Advisory - Curesec Research Team 1. Introduction Affected Product: LEPTON 2.2.2 stable Fixed in: 2.3.0 Fixed Version Link: http://www.lepton-cms.org/posts/important-lepton-2.3.0-101.php Vendor Website: http://www.lepton-cms.org/ Vulnerability Type: SQL Injection Remote Exploitable: Yes...
Lepton 2.2.2 Stable CSRF / Open Redirect / Password Handling
Security Advisory - Curesec Research Team 1. Introduction Affected Product: LEPTON 2.2.2 stable Fixed in: 2.3.0 Fixed Version Link: http://www.lepton-cms.org/posts/important-lepton-2.3.0-101.php Vendor Website: http://www.lepton-cms.org/ Vulnerability CSRF, Open Redirect, Insecure Bruteforce...
Lepton CMS 2.2.0 / 2.2.1 - PHP Code Injection
Exploit for php platform in category web applications + Credits: John Page HYP3RLINX Vendor: ================== www.lepton-cms.org Product: ================================= Lepton CMS 2.2.0 / 2.2.1 update LEPTON is an easy-to-use but full customizable Content Management System CMS. Vulnerability...
Lepton CMS 2.2.0 / 2.2.1 - Directory Traversal
Exploit for php platform in category web applications + Credits: John Page HYP3RLINX Vendor: ================== www.lepton-cms.org Product: ================================= Lepton CMS 2.2.0 / 2.2.1 update LEPTON is an easy-to-use but full customizable Content Management System CMS. Vulnerability...
Lepton CMS 2.2.0/2.2.1 - PHP Code Injection
Lepton CMS 2.2.0/2.2.1 - PHP Code Injection + Credits: John Page HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/LEPTON-PHP-CODE-INJECTION.txt + ISR: ApparitionSec Vendor: ================== www.lepton-cms.org Product:...
Lepton CMS 2.2.0/2.2.1 - Directory Traversal
Lepton CMS 2.2.0/2.2.1 - Directory Traversal + Credits: John Page HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/LEPTON-ARCHIVE-DIRECTORY-TRAVERSAL.txt + ISR: ApparitionSec Vendor: ================== www.lepton-cms.org Product:...
Lepton CMS 2.2.0/2.2.1 - Directory Traversal
Credits: John Page HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/LEPTON-ARCHIVE-DIRECTORY-TRAVERSAL.txt + ISR: ApparitionSec Vendor: ================== www.lepton-cms.org Product: ================================= Lepton CMS 2.2.0 / 2.2.1...
Lepton CMS 2.2.0/2.2.1 - PHP Code Injection
Credits: John Page HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/LEPTON-PHP-CODE-INJECTION.txt + ISR: ApparitionSec Vendor: ================== www.lepton-cms.org Product: ================================= Lepton CMS 2.2.0 / 2.2.1 update LEPTON...