8 matches found

Nuclei
added yesterday | 17 views

SawtoothSoftware Lighthouse Studio < 9.16.14 - Pre-Auth Remote Code Execution

A pre-authentication remote code execution vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14. The issue arises from the unsafe use of the eval function within the Perl CGI component ciwweb.pl, where attacker-supplied input inside hidRandomACARAT is directly...

CVSS 10 | AI score 6.9 | EPSS 0.73648
Exploits: 4 | References: 3

Rapid7 Blog
added 2025/09/12 7:51 p.m. | 5 views

Metasploit Wrap-Up 09/12/25

New LightHouse Studio RCE module: This week we've added a new module that exploits an unauthenticated template injection vulnerability, CVE-2025-34300, in Sawtooth Software’s Lighthouse Studio, allowing arbitrary Perl execution via survey templates in versions prior to 9.16.14. This module has the...

CVSS 10 | AI score 8.3 | EPSS 0.73648
Exploits: 9

Metasploit
added 2025/09/09 6:55 p.m. | 699 views

Template Injection Vulnerability in Sawtooth Software's Lighthouse Studio (CVE-2025-34300)

This module exploits a template injection vulnerability in the Sawtooth Software Lighthouse Studio's ciwweb.pl web application. The application fails to properly sanitize user input within survey templates, allowing unauthenticated attackers to inject and execute arbitrary Perl commands on the...

CVSS 10 | AI score 7.1 | EPSS 0.73648
Exploits: 4

RedhatCVE
added 2025/07/18 1:58 p.m. | 3 views

CVE-2025-34300

A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl Perl web application. Exploitation allows an unauthenticated attacker to execute arbitrary commands...

CVSS 10 | AI score 8.1 | EPSS 0.73648
Exploits: 4 | References: 1

CVE
added 2025/07/16 12:57 p.m. | 64 views

CVE-2025-34300

Sawtooth Software Lighthouse Studio

CVSS 10 | AI score 7.3 | EPSS 0.73648
In wild | Exploits: 4 | References: 3

EUVD
added 2025/07/16 12:57 p.m. | 3 views

EUVD-2025-21694

A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl Perl web application. Exploitation allows an unauthenticated attacker to execute arbitrary commands...

CVSS 10 | AI score 7.8 | EPSS 0.73648
Exploits: 4 | References: 2

Cvelist
added 2025/07/16 12:57 p.m. | 10 views

CVE-2025-34300 Sawtooth Software Lighthouse Studio < 9.16.14 Pre-Authentication RCE

A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl Perl web application. Exploitation allows an unauthenticated attacker to execute arbitrary commands...

CVSS 10 | EPSS 0.73648
Exploits: 4 | References: 3

Vulnrichment
added 2025/07/16 12:57 p.m. | 3 views

CVE-2025-34300 Sawtooth Software Lighthouse Studio < 9.16.14 Pre-Authentication RCE

A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl Perl web application. Exploitation allows an unauthenticated attacker to execute arbitrary commands...

CVSS 10 | AI score 7.2 | EPSS 0.73648
Exploits: 4 | References: 3