漏洞描述
Sawtooth Lighthouse Studio 的 /cgi-bin/ciwweb.pl 文件存在远程代码执行漏洞。攻击者可以通过特制的请求在受影响的服务器上执行任意代码,可能导致服务器被完全控制、数据泄露和系统崩溃等严重后果。
Sawtooth Lighthouse Studio /cgi-bin/ciwweb.pl 命令执行漏洞(CVE-2025-34300)
PoC代码
暂无相关漏洞推荐
- POC vscode-slnx-sqlite-disclosure: Visual Studio Code - Slnx.SQLite File Disclosure
- Cherry Studio 未授权 代码注入漏洞
- Sim Studio AI 服务端请求伪造漏洞(CVE-2025-9805)
- IBM Watson Studio on Cloud Pak for Data 跨站脚本漏洞
- Cherry Studio 命令注入漏洞
- POC CVE-2019-8982: Wavemaker Studio 6.6 - Local File Inclusion/Server-Side Request Forgery
- POC CVE-2021-43421: Studio-42 elFinder <2.1.60 - Arbitrary File Upload
- POC CVE-2022-38131: RStudio Connect - Open Redirect
- POC CVE-2023-47115: Label Studio - Cross-Site Scripting
- POC CVE-2023-47117: Label Studio - Sensitive Information Exposure
- POC CVE-2025-34300: SawtoothSoftware Lighthouse Studio < 9.16.14 - Pre-Auth Remote Code Execution
- POC shikongzhiyou-erp-uploadstudiofile-fileupload: 时空智友ERP系统 uploadStudioFile 任意文件上传漏洞
- POC exposed-vscode: Visual Studio Code Directories - Detect