{"id":24078,"date":"2025-10-30T10:50:34","date_gmt":"2025-10-30T10:50:34","guid":{"rendered":"http:\/\/localhost\/?p=24078"},"modified":"2025-10-30T10:50:34","modified_gmt":"2025-10-30T10:50:34","slug":"lepton-740-remote-code-execution","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=24078","title":{"rendered":"\ud83d\udcc4 LEPTON 7.4.0 Remote Code Execution_PACKETSTORM:211037"},"content":{"rendered":"

{“lastseen”:”2025-10-30T15:15:49″,”description”:”LEPTON CMS version 7.4.0 contains a remote…”,”published”:”2025-10-30T00:00:00″,”modified”:”2025-10-30T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 LEPTON 7.4.0 Remote Code Execution”,”source”:””,”references”:””,”id”:”PACKETSTORM:211037″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”# Exploit Title: LEPTON 7.4.0 Remote Code Execution (RCE) \\n # Exploit Author: tmrswrr \/Hulya KARABAG\\n # Vendor Homepage: https:\/\/lepton-cms.org\/\\n # Software Link: https:\/\/lepton-cms.org\/media\/download_gallery\/LEPTON_stable_7.4.0.zip\\n # Version : LEPTON 7.4.0 stable\\n # Date: October 29, 2025 \\n \\n \\n ## Vulnerability Description\\n \\n LEPTON CMS version 7.4.0 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary system commands through the Droplets functionality. This vulnerability arises from improper input validation and execution control within the Droplets feature.\\n \\n ## Proof of Concept\\n \\n ### Prerequisites\\n – Valid administrator credentials\\n – Access to the LEPTON CMS administrative interface\\n \\n ### Exploitation Steps\\n \\n 1. Authentication\\n – Log into the LEPTON CMS administration panel with administrator privileges\\n \\n 2. Access Droplets Management\\n – Navigate to: Menu \\u003e Administration \\u003e Admin-Tools\\n – Select the \\”Droplets\\” option\\n \\n 3. Create Malicious Droplet\\n – Click \\”Create New\\”\\n – Enter a droplet name (e.g., `malicious-droplet`)\\n – In the code field, insert the payload:\\n \\n \\n echo system(‘id’);\\n \\n – Click \\”Save and Back\\” to store the droplet\\n \\n 4. Trigger Execution\\n – Edit or create any page within the CMS\\n – In the content editor, insert the droplet using the syntax:\\n \\n [[malicious-droplet]]\\n \\n – Save the page modifications\\n \\n 5. Verify Exploitation\\n – Preview or visit the modified page\\n – The system command output will be displayed, confirming successful code execution”,”sourceHref”:”https:\/\/packetstorm.news\/download\/211037″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/211037\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2025-10-30T15:15:49″,”description”:”LEPTON CMS version 7.4.0 contains a remote…”,”published”:”2025-10-30T00:00:00″,”modified”:”2025-10-30T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 LEPTON 7.4.0 Remote Code Execution”,”source”:””,”references”:””,”id”:”PACKETSTORM:211037″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”# Exploit Title: LEPTON 7.4.0 Remote Code Execution (RCE) \\n # Exploit Author: tmrswrr…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-24078","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 LEPTON 7.4.0 Remote Code Execution_PACKETSTORM:211037 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=24078\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 LEPTON 7.4.0 Remote Code Execution_PACKETSTORM:211037 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2025-10-30T15:15:49″,”description”:”LEPTON CMS version 7.4.0 contains a remote…”,”published”:”2025-10-30T00:00:00″,”modified”:”2025-10-30T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 LEPTON 7.4.0 Remote Code Execution”,”source”:””,”references”:””,”id”:”PACKETSTORM:211037″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”# Exploit Title: LEPTON 7.4.0 Remote Code Execution (RCE) n # Exploit Author: tmrswrr...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=24078\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-10-30T10:50:34+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=24078#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=24078\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 LEPTON 7.4.0 Remote Code Execution_PACKETSTORM:211037\",\"datePublished\":\"2025-10-30T10:50:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=24078\"},\"wordCount\":357,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"exploit\",\"news\",\"NONE\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=24078#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=24078\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=24078\",\"name\":\"\ud83d\udcc4 LEPTON 7.4.0 Remote Code Execution_PACKETSTORM:211037 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-10-30T10:50:34+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=24078#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=24078\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=24078#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 LEPTON 7.4.0 Remote Code Execution_PACKETSTORM:211037\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 LEPTON 7.4.0 Remote Code Execution_PACKETSTORM:211037 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=24078","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 LEPTON 7.4.0 Remote Code Execution_PACKETSTORM:211037 - zero redgem","og_description":"{“lastseen”:”2025-10-30T15:15:49″,”description”:”LEPTON CMS version 7.4.0 contains a remote…”,”published”:”2025-10-30T00:00:00″,”modified”:”2025-10-30T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 LEPTON 7.4.0 Remote Code Execution”,”source”:””,”references”:””,”id”:”PACKETSTORM:211037″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”# Exploit Title: LEPTON 7.4.0 Remote Code Execution (RCE) n # Exploit Author: tmrswrr...","og_url":"https:\/\/zero.redgem.net\/?p=24078","og_site_name":"zero redgem","article_published_time":"2025-10-30T10:50:34+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=24078#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=24078"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 LEPTON 7.4.0 Remote Code Execution_PACKETSTORM:211037","datePublished":"2025-10-30T10:50:34+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=24078"},"wordCount":357,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","exploit","news","NONE","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=24078#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=24078","url":"https:\/\/zero.redgem.net\/?p=24078","name":"\ud83d\udcc4 LEPTON 7.4.0 Remote Code Execution_PACKETSTORM:211037 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-10-30T10:50:34+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=24078#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=24078"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=24078#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 LEPTON 7.4.0 Remote Code Execution_PACKETSTORM:211037"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/24078","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=24078"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/24078\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=24078"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=24078"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=24078"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}