SQL Injection Vulnerability in LEPTON CMS
CVE-2012-0999

Currently unrated

Key Information:

Vendor: Lepton-cms
Status: Lepton
Vendor: CVE Published:; 24 February 2012

What is CVE-2012-0999?

A significant SQL injection vulnerability exists in modules/news/rss.php of LEPTON CMS prior to version 1.1.4. Attackers can exploit this flaw by manipulating the group_id parameter, enabling them to execute arbitrary SQL commands on the database. This could lead to unauthorized data access, data manipulation, or even complete system compromise. It is crucial for users and administrators to upgrade to the latest version to mitigate potential security risks. For further information, refer to the changelog and security release updates provided by LEPTON.

References

http://www.lepton-cms.org/media/changelog/changelog_1.1.4...

x_refsource_CONFIRM

http://www.lepton-cms.org/posts/security-release-lepton-1...

x_refsource_CONFIRM

https://www.htbridge.ch/advisory/HTB23072

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Feb 24, 2012

Lepton-cms

What is CVE-2012-0999?

References

Timeline