cvedb.io
CVE-2025-56704
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2025-12-09T17:15:51.373 · Last modified 2026-06-17T09:42:44.057

Summary

LeptonCMS version 7.3.0 contains an arbitrary file upload vulnerability, which is caused by the lack of proper validation for uploaded files. An authenticated attacker can exploit this vulnerability by uploading a specially crafted ZIP/PHP file to execute arbitrary code.

Affected products

lepton-cms — leptoncms

Does this affect you?

Add your gear to cvedb and we'll alert you only when lepton-cms ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.