An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area.
References
Configurations
History
21 Nov 2024, 08:59
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/capture0x/leptoncms - | |
References | () https://github.com/capture0x/leptoncms/blob/main/README.md - Exploit | |
References | () https://packetstormsecurity.com/files/176647/Lepton-CMS-7.0.0-Remote-Code-Execution.html - | |
References | () https://www.exploit-db.com/exploits/51949 - |
07 Jun 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Apr 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area. |
28 Mar 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Jan 2024, 15:57
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:lepton-cms:leptoncms:7.0.0:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
CWE | CWE-434 | |
References | () https://github.com/capture0x/leptoncms/blob/main/README.md - Exploit |
25 Jan 2024, 21:52
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-25 21:15
Updated : 2024-11-21 08:59
NVD link : CVE-2024-24399
Mitre link : CVE-2024-24399
CVE.ORG link : CVE-2024-24399
JSON object : View
Products Affected
lepton-cms
- leptoncms
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type