4 matches found
CVE-2012-0998
LEPTON CVE-2012-0998 is a Local File Inclusion vulnerability in the account/preferences.php flow. Input passed via the language parameter is saved into the session and later used by include(), enabling an attacker to traverse directories and include local files. Affected product/version: LEPTON p...
CVE-2012-1000
CVE-2012-1000: LEPTON 1.1.3 and earlier versions suffer XSS in multiple user input points. The vulnerability arises from inadequate sanitization of user-supplied data in the parameters responsible for messages and profile fields: message (admins/login/forgot/index.php), and display_name / email (...
CVE-2012-0999
CVE-2012-0999 is a SQL Injection vulnerability in LEPTON CMS, affecting the file path modules/news/rss.php. The issue arises from unsanitized input in the POST parameter group_id , enabling remote attackers to construct arbitrary SQL queries and potentially compromise the database. Affected versi...
CVE-2011-3385
The CVE-2011-3385 entry concerns WebsiteBaker before version 2.8 (used in LEPTON and possibly other products). The vulnerability is described as a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via unknown vectors; no explicit root cause or aff...