
CVE-2024-29514
https://notcve.org/view.php?id=CVE-2024-29514
02 Apr 2024 — File Upload vulnerability in lepton v.7.1.0 allows remote authenticated attackers to execute arbitrary code by uploading a crafted PHP file. • https://github.com/zzq66/cve6 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2024-24520
https://notcve.org/view.php?id=CVE-2024-24520
29 Feb 2024 — An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place. • https://github.com/xF-9979/CVE-2024-24520 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-24399
https://notcve.org/view.php?id=CVE-2024-24399
25 Jan 2024 — An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area. • https://github.com/capture0x/leptoncms • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2020-24872
https://notcve.org/view.php?id=CVE-2020-24872
11 Aug 2023 — Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0 allows remote attackers to execute arbitrary code. • https://lepton-cms.org/posts/new-security-release-144.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-29240 – LEPTON CMS 4.7.0 - 'URL' Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-29240
02 Dec 2020 — Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page, and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered. • https://www.exploit-db.com/exploits/49137 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-12705
https://notcve.org/view.php?id=CVE-2020-12705
07 May 2020 — Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS before 4.6.0. • https://lepton-cms.org/posts/important-security-update-141.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')