6 matches found
RPi-Jukebox-RFID Security Vulnerability
RPi-Jukebox-RFID is a contactless jukebox for the Raspberry Pi from the individual developer Micz Flor in Germany. It plays audio files, playlists, podcasts, web streams and Spotify triggered by RFID cards. A security vulnerability exists in RPi-Jukebox-RFID, which stems from an unauthenticated...
CVE-2025-63951
The CVE-2025-63951 vulnerability affects the MiczFlor RPi-Jukebox-RFID project, specifically the rss-mp3.php script. The rss GET parameter is passed directly to PHP’s unserialize() without validation, enabling a remote, unauthenticated attacker to inject arbitrary PHP objects, which can cause err...
PT-2025-52347
Name of the Vulnerable Software and Affected Versions: MiczFlor RPi-Jukebox-RFID versions prior to commit 4b2334f0ae0e87c0568876fc41c48c38aa9a7014 2025-10-07. Description: An insecure deserialization issue exists in the rss-mp3.php script. The rss GET parameter receives data that is directly passed ...
CVE-2008-4522
CVE-2008-4522 describes multiple directory traversal vulnerabilities in the JMweb MP3 Music Audio Search and Download Script. The issue allows remote attackers to cause inclusion and execution of arbitrary local files by manipulating the src parameter (via ..) in the listen.php and download.php s...
CVE-2008-4141
Multiple PHP remote file inclusion vulnerabilities in x10Media x10 Automatic MP3 Script 1.5.5 allow remote attackers to execute arbitrary PHP code via a URL in the web_root parameter to (1) includes/function_core.php and (2) templates/layout_lyrics.php...
CVE-2008-4141
CVE-2008-4141 affects the x10Media x10 Automatic MP3 Script 1.5.5. The vulnerability is a remote file inclusion that allows an attacker to supply a URL in the web_root parameter to (1) includes/function_core.php and (2) templates/layout_lyrics.php, enabling arbitrary PHP code execution on the ser...