CVE-2024-29514
- EPSS 2.01%
- Veröffentlicht 02.04.2024 13:15:51
- Zuletzt bearbeitet 01.05.2025 15:06:13
File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2024-29515
- EPSS 1.51%
- Veröffentlicht 25.03.2024 19:15:59
- Zuletzt bearbeitet 01.05.2025 15:05:58
File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file to the save.php and config.php component.
CVE-2024-24520
- EPSS 0.15%
- Veröffentlicht 21.03.2024 02:52:10
- Zuletzt bearbeitet 01.05.2025 15:03:36
An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place.
CVE-2024-24399
- EPSS 1.74%
- Veröffentlicht 25.01.2024 21:15:09
- Zuletzt bearbeitet 05.06.2025 19:15:28
An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area.
CVE-2020-24872
- EPSS 0.3%
- Veröffentlicht 11.08.2023 14:15:10
- Zuletzt bearbeitet 21.11.2024 05:16:09
Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code.
CVE-2020-29240
- EPSS 0.21%
- Veröffentlicht 02.12.2020 17:15:14
- Zuletzt bearbeitet 21.11.2024 05:23:49
Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered.
CVE-2020-12705
- EPSS 0.36%
- Veröffentlicht 07.05.2020 20:15:12
- Zuletzt bearbeitet 21.11.2024 05:00:06
Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS before 4.6.0.