Vulnerabilities Found in LEPTON CMS
LEPTON CMS is a free, open-source Content Management System.
Affected Application: Versions up to and including 1.1.3.
Issue: Multiple vulnerabilities were discovered in the Lipton application including Cross-Site Scripting, SQL Injection and Directory Traversal. These vulnerabilities could let attackers execute unintended commands, access unauthorized data, hijack user sessions, access or modify tables within the application’s database, or redirect users to malicious sites.
Resolution: An update for LEPTON is available. For more information, visit the vendor’s website: http://www.lepton-cms.org/posts/security-release-lepton-1.1.4-52.php.
To learn more about cross-site scripting, see Cross-Site Scripting.
To learn more about SQL Injections, see Injection Flaws.
Website Protection Site Scanner scans for this vulnerability, and many more. To learn about Site Scanner, see Getting Started with Website Protection Site Scanner.
Comments are closed.