Directory Traversal Vulnerability in LEPTON CMS
CVE-2012-0998

Currently unrated

Key Information:

Vendor: Lepton-cms
Status: Lepton
Vendor: CVE Published:; 24 February 2012

What is CVE-2012-0998?

The directory traversal vulnerability in LEPTON CMS prior to version 1.1.4 permits remote attackers to exploit the application by manipulating the language parameter in the account/preferences.php script. This flaw allows unauthorized inclusion and execution of arbitrary files, potentially compromising the integrity and security of the affected system. It is crucial for users and administrators to upgrade to the latest version to mitigate this risk.

References

http://www.lepton-cms.org/media/changelog/changelog_1.1.4...

x_refsource_MISC

http://www.lepton-cms.org/posts/security-release-lepton-1...

x_refsource_CONFIRM

https://www.htbridge.ch/advisory/HTB23072

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Feb 24, 2012

Lepton-cms

What is CVE-2012-0998?

References

Timeline