RPi-Jukebox-RFID v2.3.0 was discovered to contain a command injection vulnerability via the component /htdocs/utils/Files.php. This vulnerability is exploited via a crafted payload injected into the file name of an uploaded file.
References
Link | Resource |
---|---|
https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/1859 | Exploit Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-08-30T21:27:46
Updated: 2022-08-30T21:27:46
Reserved: 2022-07-25T00:00:00
Link: CVE-2022-36749
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-08-30T22:15:09.630
Modified: 2023-08-08T14:21:49.707
Link: CVE-2022-36749
JSON object: View
Redhat Information
No data.
CWE