CVE-2024-24520

HIGH

Lepton CMS <7.0.0 - RCE

Title source: llm

Description

An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place.

Exploits (1)

exploitdb WORKING POC
by tmrswrr · textwebappsphp
https://www.exploit-db.com/exploits/51949

References (5)

Scores

CVSS v3 7.8
EPSS 0.0018
EPSS Percentile 38.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (1)
lepton-cms/leptoncms 7.0.0
Published Mar 21, 2024
Tracked Since Feb 18, 2026