CVE-2024-24399

Опубликовано: 25 янв. 2024

Источник: nvd

CVSS3: 7.2

EPSS Низкий

Описание

An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area.

Ссылки

https://github.com/capture0x/leptoncms
https://github.com/capture0x/leptoncms/blob/main/README.md
Exploit
https://packetstormsecurity.com/files/176647/Lepton-CMS-7.0.0-Remote-Code-Execution.html
https://www.exploit-db.com/exploits/51949
https://github.com/capture0x/leptoncms
https://github.com/capture0x/leptoncms/blob/main/README.md
Exploit
https://packetstormsecurity.com/files/176647/Lepton-CMS-7.0.0-Remote-Code-Execution.html
https://www.exploit-db.com/exploits/51949

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lepton-cms:leptoncms:7.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01742

Низкий

7.2 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-6m93-gmrj-jf29