16 matches found
RPi-Jukebox-RFID 2.8.0 Command Injection
RPi-Jukebox-RFID version 2.8.0 proof of concept command injection exploit that leverages /phoniebox/api/playlist/shuffle.php. | Title : RPi-Jukebox-RFID...
RPi-Jukebox-RFID 2.8.0 Remote Code Execution
RPi-Jukebox-RFID version 2.8.0 proof of concept exploit that demonstrates an OS command injection vulnerability in the shuffle.php API endpoint. The vulnerable parameter playlist is passed directly to a shell command without sanitization, allowing an attacker to execute arbitrary system commands...
RPi-Jukebox-RFID 2.8.0 - Remote Command Execution
Exploit Title: RPi-Jukebox-RFID 2.8.0 - Remote Code Execution Date: 2025-09-25 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://github.com/MiczFlor/RPi-Jukebox-RFID Software Link: https://github.com/MiczFlor/RPi-Jukebox-RFID/releases/tag/v2.8.0 Version: 2.8.0 Tested on: Raspberry P...
EUVD-2018-3380
Malware in sbrugna...
CVE-2025-10327
A weakness has been identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this vulnerability is an unknown functionality of the file /htdocs/api/playlist/shuffle.php. Executing manipulation of the argument playlist can lead to os command injection. The attack can be launched remotely...
CVE-2025-10326
A security flaw has been discovered in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an unknown function of the file /htdocs/api/playlist/single.php. Performing manipulation of the argument playlist results in os command injection. The attack can be initiated remotely. The exploit has been...
CVE-2025-10326
A security flaw has been discovered in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an unknown function of the file /htdocs/api/playlist/single.php. Performing manipulation of the argument playlist results in os command injection. The attack can be initiated remotely. The exploit has been...
CVE-2025-10326
CVE-2025-10326 affects MiczFlor RPi-Jukebox-RFID up to 2.8.0. Vulnerable due to improper handling of the playlist parameter in /htdocs/api/playlist/single.php, enabling remote OS command injection. Public exploit/PoC exists; exploitation can be remote with no authentication. Vendor reportedly u...
RPi-Jukebox-RFID OS Command Injection Vulnerability
RPi-Jukebox-RFID is a contactless jukebox for the Raspberry Pi from the individual developer Micz Flor in Germany. It can play audio files, playlists, podcasts, web streams and Spotify triggered by RFID cards. An OS command injection vulnerability exists in RPi-Jukebox-RFID version 2.8.0 and...
RPi-Jukebox-RFID OS Command Injection Vulnerability
RPi-Jukebox-RFID is a contactless jukebox for the Raspberry Pi from the individual developer Micz Flor in Germany. It can play audio files, playlists, podcasts, web streams and Spotify triggered by RFID cards. An OS command injection vulnerability exists in RPi-Jukebox-RFID version 2.8.0 and...
SQL injection
PHP Melody version 2.7.1 suffers from a time-based SQL injection on the page ajax.php via the parameter playlist...
PHPSUGAR PHP Melody SQL Injection Vulnerability
PHP Melody is a self-hosted video CMS. A SQL injection vulnerability exists in PHPSUGAR PHP Melody CMS 2.6.1. An attacker can exploit this vulnerability to inject SQL queries or extract data via the playlist parameter of playlists.php...
CVE-2017-15081
In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php...
SQL injection
In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php...
CVE-2017-15081
In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php...
GRAND FlAGallery Skins - compact_music_player/gallery.php playlist Parameter SQL Injection
The flagallery-skins WordPress plugin was affected by a compact_music_player/gallery.php playlist Parameter SQL Injection security vulnerability...