Lucene search
K
Lepton-cmsLeptoncms

8 matches found

CVE
CVE
added 2024/01/25 12:0 a.m.182 views

CVE-2024-24399

CVE-2024-24399 affects LEPTON v7.0.0: an arbitrary file upload vulnerability allows an authenticated attacker to upload PHP code via the backend/languages/index.php languages area, enabling execution of arbitrary code with high impact (C/H, I/H, A/H per CVSS). The Connected documents corroborate ...

7.2CVSS7.2AI score0.15597EPSS
CVE
CVE
added 2020/12/02 4:45 p.m.69 views

CVE-2020-29240

CVE-2020-29240 concerns Lepton-CMS 4.7.0, where a cross-site scripting (XSS) vulnerability exists in the admin UI. The vulnerability allows an attacker to inject an XSS payload via the URL field accessed from the Menu-Pages-Pages Overview section; every time an admin visits that page, the payload...

4.8CVSS4.8AI score0.01673EPSS
Web
CVE
CVE
added 2020/05/07 7:9 p.m.67 views

CVE-2020-12705

LeptonCMS is affected by multiple cross-site scripting (XSS) vulnerabilities in versions before 4.6.0. The root cause is inadequate validation of client-side data by the web application, enabling attackers to inject and execute code in a user’s browser. Impact described in the sources includes th...

6.1CVSS6.1AI score0.00641EPSS
CVE
CVE
added 2024/04/02 12:0 a.m.61 views

CVE-2024-29514

CVE-2024-29514 affects Lepton v7.1.0. The vulnerability is a file-upload flaw that allows a remote, authenticated attacker to execute arbitrary PHP code by uploading a crafted file. Impact is high (remote code execution, authenticated access). Affected software is LeptonCMS/Lepton v7.1.0, with th...

8.8CVSS7.5AI score0.01281EPSS
CVE
CVE
added 2024/03/25 12:0 a.m.56 views

CVE-2024-29515

The CVE is for LeptonCMS v7.1.0 (Lepton) and describes a File Upload vulnerability that enables a remote authenticated attacker to execute arbitrary PHP code by uploading crafted files to the save.php and config.php components. The root cause, as reflected across multiple sources, is improper han...

8.8CVSS7.6AI score0.01164EPSS
CVE
CVE
added 2024/02/29 12:0 a.m.40 views

CVE-2024-24520

CVE-2024-24520 affects Lepton CMS v7.0.0. The issue is a local arbitrary-code execution via the upgrade.php file in the languages place, enabling a local attacker to compromise the system. According to Red Hat and CNNVD records, the vulnerability exists in Lepton CMS 7.0.0. The Red Hat entry and ...

7.8CVSS7.5AI score0.00418EPSS
CVE
CVE
added 2023/08/11 12:0 a.m.32 views

CVE-2020-24872

CVE-2020-24872 is a cross-site scripting vulnerability in Lepton-CMS 4.7.0, stemming from lack of proper filtering/escaping in backend/pages/modify.php. The issue allows remote attackers to inject and execute arbitrary web scripts or HTML when a user views or submits crafted data, with the CVSS i...

6.1CVSS6.1AI score0.00456EPSS
CVE
CVE
added 2025/12/09 12:0 a.m.14 views

CVE-2025-56704

LeptonCMS 7.3.0 is affected by an arbitrary file upload vulnerability caused by insufficient validation of uploaded files. An authenticated attacker can upload a crafted ZIP/PHP file to execute arbitrary code. Affected software: LeptonCMS 7.3.0. Root cause: lack of proper validation during file u...

8.8CVSS7.1AI score0.00664EPSS