CVE-2012-0998
LEPTON < 1.1.4 - Remote File Inclusion via Language Parameter Path Traversal
Directory traversal vulnerability in account/preferences.php in LEPTON before 1.1.4 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the language parameter.
References (3)
Exploit (x_refsource_misc): https://www.htbridge.ch/advisory/HTB23072
Various Sources (x_refsource_misc): http://www.lepton-cms.org/media/changelog/changelog_1.1.4.txt
Patch, Vendor Advisory (x_refsource_confirm): http://www.lepton-cms.org/posts/security-release-lepton-1.1.4-52.php
Scores
EPSS: 0.0188
EPSS Percentile: 76.9%
Details
CWE: CWE-22
Status: published
Products (4)
lepton-cms/lepton 1.1.0
lepton-cms/lepton 1.1.1
lepton-cms/lepton 1.1.2
lepton-cms/lepton < 1.1.3
Published: Feb 24, 2012
Tracked Since: Feb 18, 2026