CVE-2024-29514

Name of the Vulnerable Software and Affected Versions lepton version 7.1.0

Description The issue allows remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file. This is a result of a File Upload vulnerability.

Recommendations For lepton version 7.1.0, consider disabling file upload functionality until a patch is available to prevent exploitation. Restrict access to areas where file uploads are permitted to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.