Lucene search
K
Lepton-cmsLepton

4 matches found

CVE
CVE
added 2012/02/20 7:0 p.m.62 views

CVE-2012-0998

LEPTON CVE-2012-0998 is a Local File Inclusion vulnerability in the account/preferences.php flow. Input passed via the language parameter is saved into the session and later used by include(), enabling an attacker to traverse directories and include local files. Affected product/version: LEPTON p...

7.5CVSS7.4AI score0.0188EPSS
Web
CVE
CVE
added 2012/02/20 7:0 p.m.57 views

CVE-2012-1000

CVE-2012-1000: LEPTON 1.1.3 and earlier versions suffer XSS in multiple user input points. The vulnerability arises from inadequate sanitization of user-supplied data in the parameters responsible for messages and profile fields: message (admins/login/forgot/index.php), and display_name / email (...

4.3CVSS5.8AI score0.01193EPSS
Web
CVE
CVE
added 2012/02/20 7:0 p.m.54 views

CVE-2012-0999

CVE-2012-0999 is a SQL Injection vulnerability in LEPTON CMS, affecting the file path modules/news/rss.php. The issue arises from unsanitized input in the POST parameter group_id , enabling remote attackers to construct arbitrary SQL queries and potentially compromise the database. Affected versi...

7.5CVSS8.6AI score0.01295EPSS
Web
CVE
CVE
added 2011/09/02 5:0 p.m.50 views

CVE-2011-3385

The CVE-2011-3385 entry concerns WebsiteBaker before version 2.8 (used in LEPTON and possibly other products). The vulnerability is described as a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via unknown vectors; no explicit root cause or aff...

4.3CVSS5.9AI score0.00845EPSS