Description
Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via an admin.system.files (aka Manage Files) request to the default URI, then accessing the file via a direct request.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by YEnH4ckEr · textwebappsphp
https://www.exploit-db.com/exploits/8577
References (1)
Core 1
Core References
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/8577
Scores
EPSS
0.0491
EPSS Percentile
89.6%
Details
Status
published
Products (1)
gowondesigns/leap
0.1.4
Published
May 11, 2009
Tracked Since
Feb 18, 2026