2 matches found
CVE-2025-34095 Mako Server v2.5 and v2.6 OS Command Injection via examples/save.lsp
An OS command injection vulnerability exists in Mako Server versions 2.5 and 2.6, specifically within the tutorial interface provided by the examples/save.lsp endpoint. An unauthenticated attacker can send a crafted PUT request containing arbitrary Lua os.execute code, which is then persisted on...
CVE-2025-34095
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/makoservercmdexec.rb 2025-09-09 20:51:40+00:00| seen| MISP/e0a0042d-e47b-4875-b781-99d4428af3c2 2025-10-23 21:13:04+00:00| seen|...