Lepton-cms : Security Vulnerabilities, CVEs, CVSS score >= 7

CVE-2024-24399

An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area.
Max CVSS
7.2
EPSS Score
0.06%
Published
2024-01-25
Updated
2024-04-01

CVE-2012-0999

SQL injection vulnerability in modules/news/rss.php in LEPTON before 1.1.4 allows remote attackers to execute arbitrary SQL commands via the group_id parameter.
Max CVSS
7.5
EPSS Score
0.14%
Published
2012-02-24
Updated
2012-02-24

CVE-2012-0998

Directory traversal vulnerability in account/preferences.php in LEPTON before 1.1.4 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the language parameter.
Max CVSS
7.5
EPSS Score
0.41%
Published
2012-02-24
Updated
2012-02-24
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close