Sawtooth Software Lighthouse Studio Template Injection Vulnerability Allowing Remote Code Execution
Vulnerability
A template injection vulnerability has been identified in Sawtooth Software's Lighthouse Studio, specifically in versions prior to 9.16.14. This vulnerability resides within the ciwweb.pl Perl web application, which is part of the survey software's CGI scripts. The issue allows an unauthenticated attacker to execute arbitrary commands on the server where the application is hosted.
Impact
Exploitation of this vulnerability leads to remote code execution on the affected server.
Reproduction
The vulnerability can be reproduced by sending a GET request to the server hosting the survey with the 'hid_Random_ACARAT' parameter set to a value that contains a template injection payload, such as '[%257*7%25]'. This value is URL-encoded: '%25' decodes to '%', so the application receives '[%7*7%]'. Once the request is processed, the injected command will be executed on the server.
Remediation
Users are advised to upgrade to Sawtooth Software Lighthouse Studio version 9.16.14 or later, where this vulnerability has been fixed.
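To check whether a server was probed before it was upgraded, the access logs can be searched for template delimiters in the affected parameter. The Python below is an added example, not code from this advisory or from Sawtooth Software; it assumes combined-format access logs, and its function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')
# Template delimiters as they appear in the advisory's probe: [% ... %]
TEMPLATE_RE = re.compile(r'\[%.*?%\]', re.S)
PARAM = "hid_Random_ACARAT"   # parameter named in the advisory
SCRIPT = "ciwweb.pl"          # CGI script named in the advisory

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded delimiters are still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_template_probes(log_lines):
    """Return (client_ip, decoded_value) for each suspicious request."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        parts = urlsplit(m.group("uri"))
        if not parts.path.lower().endswith(SCRIPT):
            continue
        # parse_qsl decodes once; fully_decode handles further encoding layers.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            value = fully_decode(value)
            if name == PARAM and TEMPLATE_RE.search(value):
                hits.append((m.group("ip"), value))
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /cgi-bin/ciwweb.pl?studyname=demo HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /cgi-bin/ciwweb.pl?hid_Random_ACARAT=[%257*7%25] HTTP/1.1" 200 5133',
    '198.51.100.7 - - [01/Jan/2025:10:00:09 +0000] "GET /cgi-bin/ciwweb.pl?hid_Random_ACARAT=%255B%25257*7%2525%255D HTTP/1.1" 200 5133',
    '192.0.2.44 - - [01/Jan/2025:10:01:00 +0000] "GET /cgi-bin/ciwweb.pl?hid_Random_ACARAT=12345 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for ip, value in find_template_probes(SAMPLE_LOG):
        print(f"{ip} sent template delimiters in {PARAM}: {value!r}")
```

A hit shows that a request carried template syntax in the parameter, not that it succeeded; legitimate survey traffic is not expected to place '[%' and '%]' in this field.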
