CVE-2024-29515

Name of the Vulnerable Software and Affected Versions lepton version 7.1.0

Description The issue allows remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file to the "save.php" and "config.php" components. This enables attackers to potentially gain control over the system.

Recommendations For lepton version 7.1.0, consider disabling the file upload functionality in the save.php and config.php components until a patch is available. Restrict access to these components to minimize the risk of exploitation. Avoid using the file upload feature in the affected components until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.