CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29514
https://notcve.org/view.php?id=CVE-2024-29514
02 Apr 2024 — File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file. La vulnerabilidad de carga de archivos en lepton v.7.1.0 permite a atacantes remotos autenticados ejecutar código arbitrario cargando un archivo PHP manipulado. • https://github.com/zzq66/cve6 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29515
https://notcve.org/view.php?id=CVE-2024-29515
25 Mar 2024 — File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file to the save.php and config.php component. La vulnerabilidad de carga de archivos en lepton v.7.1.0 permite a atacantes remotos autenticados ejecutar código arbitrario cargando un archivo PHP manipulado en los componentes save.php y config.php. • https://github.com/zzq66/cve7 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-24520
https://notcve.org/view.php?id=CVE-2024-24520
29 Feb 2024 — An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place. Un problema en Lepton CMS v.7.0.0 permite a un atacante local ejecutar código arbitrario a través del archivo update.php en el lugar del idioma. • https://github.com/xF-9979/CVE-2024-24520 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-24399
https://notcve.org/view.php?id=CVE-2024-24399
25 Jan 2024 — An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area. Una vulnerabilidad de carga de archivos arbitrarios en LeptonCMS v7.0.0 permite a atacantes autenticados ejecutar código arbitrario cargando un archivo PHP manipulado. • https://github.com/capture0x/leptoncms • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-24872
https://notcve.org/view.php?id=CVE-2020-24872
11 Aug 2023 — Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code. • https://lepton-cms.org/posts/new-security-release-144.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-29240 – LEPTON CMS 4.7.0 - 'URL' Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-29240
02 Dec 2020 — Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered. Lepton-CMS versión 4.7.0, está afectado por una vulnerabilidad de tipo cross-site scripting (XSS). Un atacante puede inyectar la carga útil XSS en el campo URL de la página de administración y cada vez que un administrador visita la sección Menu-Pages-Pages Overview, se desenc... • https://www.exploit-db.com/exploits/49137 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12705
https://notcve.org/view.php?id=CVE-2020-12705
07 May 2020 — Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS before 4.6.0. Se presentan múltiples vulnerabilidades de tipo cross-site scripting (XSS) en LeptonCMS versiones anteriores a 4.6.0. • https://lepton-cms.org/posts/important-security-update-141.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-12707 – LeptonCMS 4.5.0 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-12707
07 May 2020 — An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements. Se presenta una vulnerabilidad de tipo XSS en el archivo modules/wysiwyg/save.php de LeptonCMS versión 4.5.0. Esto puede ser explotado porque la única medida de seguridad usada contra un ataque XSS es la eliminación de elementos... • https://www.exploit-db.com/exploits/48250 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2012-0999
https://notcve.org/view.php?id=CVE-2012-0999
20 Feb 2012 — SQL injection vulnerability in modules/news/rss.php in LEPTON before 1.1.4 allows remote attackers to execute arbitrary SQL commands via the group_id parameter. Vulnerabilidad de inyección SQL en modules/news/rss.php en el gestor de contenidos LEPTON antes de v1.1.4 permite a atacantes remotos ejecutar comandos SQL a través del parámetro group_id. • http://www.lepton-cms.org/media/changelog/changelog_1.1.4.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 1CVE-2012-0998
https://notcve.org/view.php?id=CVE-2012-0998
20 Feb 2012 — Directory traversal vulnerability in account/preferences.php in LEPTON before 1.1.4 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the language parameter. Una vulnerabilidad de salto de directorio en account/preferences.php en el gestor de contenidos LEPTON antes de v1.1.4 permite a atacantes remotos incluir y ejecutar archivos de su elección a través de un .. (punto punto) en el parámetro 'language'. • http://www.lepton-cms.org/media/changelog/changelog_1.1.4.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •