This exploit demonstrates a directory traversal vulnerability in Lepton CMS 2.2.0/2.2.1, allowing an attacker to upload a malicious ZIP archive containing a PHP file with path traversal sequences (e.g., ../../) to achieve remote code execution (RCE). The exploit creates a ZIP file with a PHP payload that, when uploaded and extracted, places the file outside the intended directory, enabling command execution via a GET parameter.
Classification
Working Poc 95%
Target:
Lepton CMS 2.2.0 / 2.2.1
Auth required
Prerequisites:
Access to the Lepton CMS admin panel with module installation privileges · Ability to upload a ZIP file