exploitDog

CVE-2025-56704

Опубликовано: 09 дек. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

LeptonCMS version 7.3.0 contains an arbitrary file upload vulnerability, which is caused by the lack of proper validation for uploaded files. An authenticated attacker can exploit this vulnerability by uploading a specially crafted ZIP/PHP file to execute arbitrary code.

Ссылки

http://lepton.com
Not Applicable
https://github.com/Kayi626/Vulns/blob/UserAccount/LEPTON_CMS_7.3.0_File_Upload_A.pdf
Exploit
Third Party Advisory
https://github.com/Kayi626/Vulns/blob/UserAccount/LEPTON_CMS_7.3.0_File_Upload_B.pdf
Exploit
Third Party Advisory
https://github.com/Kayi626/Vulns/blob/UserAccount/LEPTON_CMS_7.3.0_File_Upload_C.pdf
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lepton-cms:leptoncms:7.3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 25%

0.00085

Низкий

8.8 High

CVSS3

Дефекты

CWE-434

CWE-434

Связанные уязвимости

GHSA-pvcf-257h-r9p4

CVSS3: 8.8

github

около 2 месяцев назад

LeptonCMS version 7.3.0 contains an arbitrary file upload vulnerability, which is caused by the lack of proper validation for uploaded files. An authenticated attacker can exploit this vulnerability by uploading a specially crafted ZIP/PHP file to execute arbitrary code.

EPSS

Процентиль: 25%

0.00085

Низкий

8.8 High

CVSS3

Дефекты

CWE-434

CWE-434