MiczFlor RPi-Jukebox-RFID HTTP Request userScripts.php os command injection
CVE-2024-0714

9.8CRITICAL

Key Information:

Vendor: MiczFlor
Status: RPi-Jukebox-RFID
Vendor: CVE Published:; 19 January 2024

What is CVE-2024-0714?

A manipulation flaw exists within the userScripts.php component of the MiczFlor RPi-Jukebox-RFID version 2.5.0 and earlier. By providing a crafted argument to the 'folder' parameter, attackers can execute arbitrary OS commands on the server. This vulnerability can be exploited remotely, permitting unauthorized access and potential system compromise. The public disclosure of this flaw raises concerns for users who have not yet patched their systems, leaving them susceptible to potential attacks. Immediate action is recommended to mitigate risks associated with this exploit.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

RPi-Jukebox-RFID 2.0

RPi-Jukebox-RFID 2.1

RPi-Jukebox-RFID 2.2

References

https://vuldb.com/?id.251540

vdb-entrytechnical-description

https://vuldb.com/?ctiid.251540

signaturepermissions-required

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 19, 2024
Vulnerability Reserved
Jan 19, 2024

Credit

torada (VulDB User)

JSON

MiczFlor

What is CVE-2024-0714?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.