automatic module_metadata_base.json update

jenkins-metasploit · jenkins-metasploit · commit 704a8f10b889 · 2025-09-08T23:57:37.000Z
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -109035,6 +109035,66 @@
     "session_types": false,
     "needs_cleanup": null
   },
+  "exploit_multi/http/lighthouse_studio_unauth_rce_cve_2025_34300": {
+    "name": "Template Injection Vulnerability in Sawtooth Software's Lighthouse Studio (CVE-2025-34300)",
+    "fullname": "exploit/multi/http/lighthouse_studio_unauth_rce_cve_2025_34300",
+    "aliases": [],
+    "rank": 600,
+    "disclosure_date": "2025-07-16",
+    "type": "exploit",
+    "author": [
+      "Maksim Rogov",
+      "Adam Kues"
+    ],
+    "description": "This module exploits a template injection vulnerability in the\n          Sawtooth Software Lighthouse Studio's `ciwweb.pl` web application.\n          The application fails to properly sanitize user input within survey templates,\n          allowing unauthenticated attackers to inject and execute arbitrary Perl commands\n          on the target system.\n\n          This vulnerability affects Lighthouse Studio versions prior to 9.16.14.\n          Successful exploitation may result in remote code execution under the privileges\n          of the web server, potentially exposing sensitive data or disrupting survey operations.\n\n          An attacker can execute arbitrary system commands in the context of the user running the web server.",
+    "references": [
+      "CVE-2025-34300",
+      "URL-https://slcyber.io/assetnote-security-research-center/rce-in-the-most-popular-survey-software-youve-never-heard-of/"
+    ],
+    "platform": "Multi",
+    "arch": "cmd",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Unix Command",
+      "Windows Command"
+    ],
+    "mod_time": "2025-07-26 03:15:00 +0000",
+    "path": "/modules/exploits/multi/http/lighthouse_studio_unauth_rce_cve_2025_34300.rb",
+    "is_install_path": true,
+    "ref_name": "multi/http/lighthouse_studio_unauth_rce_cve_2025_34300",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "ioc-in-logs",
+        "artifacts-on-disk"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
   "exploit_multi/http/log1cms_ajax_create_folder": {
     "name": "Log1 CMS writeInfo() PHP Code Injection",
     "fullname": "exploit/multi/http/log1cms_ajax_create_folder",
