CVE-2024-24399

Name of the Vulnerable Software and Affected Versions LeptonCMS version 7.0.0

Description An arbitrary file upload vulnerability allows authenticated attackers to execute arbitrary PHP code by uploading crafted PHP files to the backend/languages/index.php languages area. This enables the execution of arbitrary code via the uploaded files.

Recommendations For LeptonCMS version 7.0.0, consider disabling the file upload functionality in the backend/languages/index.php area until a patch is available to prevent exploitation. Restrict access to the languages area to minimize the risk of arbitrary code execution. Avoid using the file upload feature in the affected area until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.