Primary

Context

LeptonCMS Arbitrary File Upload Vulnerability in Version 7.3.0

Vulnerability

An arbitrary file upload vulnerability has been identified in LeptonCMS version 7.3.0. This issue arises from inadequate validation of uploaded files, allowing authenticated attackers to upload specially crafted ZIP/PHP files that could execute arbitrary code.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution on the server.

Reproduction

To reproduce this vulnerability, an authenticated user can upload a ZIP file containing a PHP script to the application. The lack of proper file validation will allow the PHP script to be executed on the server, leading to arbitrary code execution.

Added: Dec 9, 2025, 5:21 PM

Updated: Dec 9, 2025, 11:13 PM

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

10.0

exploitability

5.8

remediation

0.0

relevance

1.3

threat

1.6

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

10.0

exploitability

5.8

remediation

0.0

relevance

1.3

threat

1.6

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

LeptonCMS Arbitrary File Upload Vulnerability in Version 7.3.0

Vulnerability

Impact

Reproduction

Affected Products

LeptonCMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating