SawtoothSoftware Lighthouse Studio Vulnerability List
Found 3 vulnerabilities related to SawtoothSoftware Lighthouse Studio
- CVE-2025-34300: SawtoothSoftware Lighthouse Studio < 9.16.14 - Pre-Auth Remote Code Execution POC
  A pre-authentication remote code execution vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14. The issue arises from the unsafe use of the `eval` function within the Perl CGI component `ciwweb.pl`, where attacker-supplied input inside `hid_Random_ACARAT` is directly passed to `eval`. This allows remote unauthenticated attackers to execute arbitrary Perl code on the server.
- CVE-2025-34300: SawtoothSoftware Lighthouse Studio < 9.16.14 - Pre-Auth Remote Code Execution POC
  A pre-authentication remote code execution vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14. The issue arises from the unsafe use of the `eval` function within the Perl CGI component `ciwweb.pl`, where attacker-supplied input inside `hid_Random_ACARAT` is directly passed to `eval`. This allows remote unauthenticated attackers to execute arbitrary Perl code on the server.
- SawtoothSoftware Lighthouse Studio Remote Code Execution Vulnerability No POC
  A pre-authentication remote code execution vulnerability exists in Sawtooth Software Lighthouse Studio versions prior to 9.16.14. The issue stems from the unsafe use of the `eval` function in the Perl CGI component `ciwweb.pl`, where attacker-supplied input in `hid_Random_ACARAT` is passed directly to `eval`. This allows remote unauthenticated attackers to execute arbitrary Perl code on the server.