Lepton-Cms: >> Leptoncms Security Vulnerabilities
LeptonCMS version 7.3.0 contains an arbitrary file upload vulnerability, which is caused by the lack of proper validation for uploaded files. An authenticated attacker can exploit this vulnerability by uploading a specially crafted ZIP/PHP file to execute arbitrary code.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-12-09
File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file.
CVSS Score
8.8
EPSS Score
0.02
Published
2024-04-02
File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file to the save.php and config.php component.
CVSS Score
8.8
EPSS Score
0.015
Published
2024-03-25
An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place.
CVSS Score
7.8
EPSS Score
0.002
Published
2024-03-21
An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area.
CVSS Score
7.2
EPSS Score
0.017
Published
2024-01-25
Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code.
CVSS Score
6.1
EPSS Score
0.003
Published
2023-08-11
Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered.
CVSS Score
4.8
EPSS Score
0.002
Published
2020-12-02
Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS before 4.6.0.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-05-07