Arbitrary code execution vulnerability
BUG_Author: xF_9979(Jin Han)
[VulnerabilityType Other] Remote Code Execution Vulnerability
[Vendor of Product] Lepton CMS
[Affected Product Code Base] Lepton CMS - 7.0.0 [Affected Component] 1 ) Login with admin cred > https://127.0.0.1/LEPTONevy1ldfvvd/backend/login/index.php
2 ) Go to Languages place > https://demos6.softaculous.com/LEPTONevy1ldfvvd/backend/languages/index.php?leptoken=acf433dcae00c2ce8b8dfz1708226799
3 ) Upload upgrade.php file in languages place >
4 ) After uploading, you can see the code execution status
