Sourcefabric

Rpi-jukebox-rfid

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-10370

Exploit
  • EPSS 0.27%
  • Veröffentlicht 13.09.2025 17:02:07
  • Zuletzt bearbeitet 03.02.2026 22:16:26

A vulnerability was identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. This vulnerability affects unknown code of the file /htdocs/userScripts.php. The manipulation of the argument Custom script leads to cross site scripting. The attack is possible...

6.1

CVE-2025-10369

Exploit
  • EPSS 0.03%
  • Veröffentlicht 13.09.2025 16:32:06
  • Zuletzt bearbeitet 16.10.2025 15:16:18

A vulnerability was determined in MiczFlor RPi-Jukebox-RFID up to 2.8.0. This affects an unknown part of the file /htdocs/cardRegisterNew.php. Executing manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit h...

6.1

CVE-2025-10368

Exploit
  • EPSS 0.03%
  • Veröffentlicht 13.09.2025 15:32:05
  • Zuletzt bearbeitet 16.10.2025 15:25:11

A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this issue is some unknown functionality of the file /htdocs/manageFilesFolders.php. Performing manipulation results in cross site scripting. Remote exploitation of the a...

6.1

CVE-2025-10367

Exploit
  • EPSS 0.03%
  • Veröffentlicht 13.09.2025 14:15:32
  • Zuletzt bearbeitet 16.10.2025 15:28:47

A vulnerability has been found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this vulnerability is an unknown functionality of the file /htdocs/cardEdit.php. Such manipulation leads to cross site scripting. The attack may be launched remotely...

5.4

CVE-2025-10366

Exploit
  • EPSS 0.03%
  • Veröffentlicht 13.09.2025 13:32:06
  • Zuletzt bearbeitet 02.10.2025 20:10:47

A flaw has been found in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an unknown function of the file /htdocs/inc.setWlanIpMail.php. This manipulation of the argument Email address causes cross site scripting. The attack may be initiated remote...

9.8

CVE-2025-10328

Exploit
  • EPSS 0.27%
  • Veröffentlicht 12.09.2025 21:32:08
  • Zuletzt bearbeitet 02.10.2025 20:14:15

A security vulnerability has been detected in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this issue is some unknown functionality of the file /htdocs/api/playlist/playsinglefile.php. The manipulation of the argument File leads to os command i...

9.8

CVE-2025-10327

Exploit
  • EPSS 1.45%
  • Veröffentlicht 12.09.2025 21:15:33
  • Zuletzt bearbeitet 20.01.2026 20:16:00

A weakness has been identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this vulnerability is an unknown functionality of the file /htdocs/api/playlist/shuffle.php. Executing manipulation of the argument playlist can lead to os command i...

9.8

CVE-2025-10326

Exploit
  • EPSS 0.3%
  • Veröffentlicht 12.09.2025 20:32:05
  • Zuletzt bearbeitet 02.10.2025 20:16:24

A security flaw has been discovered in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an unknown function of the file /htdocs/api/playlist/single.php. Performing manipulation of the argument playlist results in os command injection. The attack ca...

9.8

CVE-2022-36749

Exploit
  • EPSS 2.69%
  • Veröffentlicht 30.08.2022 22:15:09
  • Zuletzt bearbeitet 21.11.2024 07:13:38

RPi-Jukebox-RFID v2.3.0 was discovered to contain a command injection vulnerability via the component /htdocs/utils/Files.php. This vulnerability is exploited via a crafted payload injected into the file name of an uploaded file.