CVE-2009-1615

Name of the Vulnerable Software and Affected Versions: Leap CMS version 0.1.4

Description: The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension via an admin.system.files request to the default URI, then accessing the file via a direct request.

Recommendations: For Leap CMS version 0.1.4, restrict access to the admin.system.files (aka Manage Files) functionality to prevent unauthorized file uploads until a fix is available. As a temporary workaround, consider disabling the file upload feature via the admin.system.files endpoint to minimize the risk of exploitation.