漏洞描述
Sawtooth Software 9.16.14之前的Lighthouse Studio版本中存在预身份验证远程代码执行漏洞。该问题源于PerlCGI组件“ciwweb.pl”中“eval”函数的不安全使用,其中攻击者在“hid_Random_ACARAT”中提供的输入直接传递给“eval“。这使得远程未经身份验证的攻击者能够在服务器上执行任意Perl代码。
SawtoothSoftware Lighthouse Studio 存在远程代码执行漏洞
PoC代码
暂无相关漏洞推荐
- POC vscode-slnx-sqlite-disclosure: Visual Studio Code - Slnx.SQLite File Disclosure
- Cherry Studio 未授权 代码注入漏洞
- Sim Studio AI 服务端请求伪造漏洞(CVE-2025-9805)
- IBM Watson Studio on Cloud Pak for Data 跨站脚本漏洞
- Cherry Studio 命令注入漏洞
- POC CVE-2019-8982: Wavemaker Studio 6.6 - Local File Inclusion/Server-Side Request Forgery
- POC CVE-2021-43421: Studio-42 elFinder <2.1.60 - Arbitrary File Upload
- POC CVE-2022-38131: RStudio Connect - Open Redirect
- POC CVE-2023-47115: Label Studio - Cross-Site Scripting
- POC CVE-2023-47117: Label Studio - Sensitive Information Exposure
- POC CVE-2025-34300: SawtoothSoftware Lighthouse Studio < 9.16.14 - Pre-Auth Remote Code Execution
- POC shikongzhiyou-erp-uploadstudiofile-fileupload: 时空智友ERP系统 uploadStudioFile 任意文件上传漏洞
- POC exposed-vscode: Visual Studio Code Directories - Detect