cbcvebase.

Lepton-Cms Leptoncms vulnerabilities

8 known vulnerabilities affecting lepton-cms/leptoncms.

Total CVEs
8
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH5MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2025-56704P3HIGHCVSS 8.8v7.3.02025-12-09
CVE-2025-56704 [HIGH] CWE-434 CVE-2025-56704: LeptonCMS version 7.3.0 contains an arbitrary file upload vulnerability, which is caused by the lack LeptonCMS version 7.3.0 contains an arbitrary file upload vulnerability, which is caused by the lack of proper validation for uploaded files. An authenticated attacker can exploit this vulnerability by uploading a specially crafted ZIP/PHP file to execute arbitrary code.
nvd
CVE-2024-24399P3HIGHCVSS 7.2v7.0.02024-01-25
CVE-2024-24399 [HIGH] CWE-434 CVE-2024-24399: An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute ar An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area.
nvd
CVE-2024-29514P3HIGHCVSS 8.8v7.1.02024-04-02
CVE-2024-29514 [HIGH] CWE-434 CVE-2024-29514: File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbit File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file.
nvd
CVE-2024-29515P3HIGHCVSS 8.8v7.1.02024-03-25
CVE-2024-29515 [HIGH] CWE-434 CVE-2024-29515: File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbit File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file to the save.php and config.php component.
nvd
CVE-2020-29240P4MEDIUMCVSS 4.8PoCv4.7.02020-12-02
CVE-2020-29240 [MEDIUM] CWE-79 CVE-2020-29240: Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload i Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered.
nvd
CVE-2024-24520P3HIGHCVSS 7.8v7.0.02024-03-21
CVE-2024-24520 [HIGH] CWE-94 CVE-2024-24520: An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place.
nvd
CVE-2020-24872P4MEDIUMCVSS 6.1v4.7.02023-08-11
CVE-2020-24872 [MEDIUM] CWE-79 CVE-2020-24872: Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, al Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code.
nvd
CVE-2020-12705P4MEDIUMCVSS 6.1fixed in 4.6.02020-05-07
CVE-2020-12705 [MEDIUM] CWE-79 CVE-2020-12705: Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS before 4.6.0. Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS before 4.6.0.
nvd