CVE-2025-10326

Name of the Vulnerable Software and Affected Versions: MiczFlor RPi-Jukebox-RFID versions up to 2.8.0

Description: A security flaw exists in MiczFlor RPi-Jukebox-RFID up to version 2.8.0. The issue is due to os command injection in an unknown function of the file /htdocs/api/playlist/single.php when manipulating the playlist argument. This allows for remote exploitation. The exploit has been publicly released.

Recommendations: Versions prior to 2.8.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.