CVE-2025-6104 – Wifi-soft UniBox Controller Os Command Injection Vulnerability

June 16, 2025

CVE ID : CVE-2025-6104

Published : June 16, 2025, 4:15 a.m. | 2 hours, 3 minutes ago

Description : A vulnerability, which was classified as critical, was found in Wifi-soft UniBox Controller up to 20250506. This affects an unknown part of the file /billing/pms_check.php. The manipulation of the argument ipaddress leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6106 – WuKongOpenSource WukongCRM Cross-Site Request Forgery Vulnerability

Next Article CVE-2025-6102 – Wifi-soft UniBox Controller Os Command Injection Vulnerability

Highlights

CVE-2025-48992 – Group-Office Cross-Site Scripting Vulnerability

June 16, 2025

CVE ID : CVE-2025-48992

Published : June 16, 2025, 11:15 p.m. | 1 hour, 34 minutes ago

Description : Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a stored and blind cross-site scripting (XSS) vulnerability exists in the Name Field of the user profile. A malicious attacker can change their name to a javascript payload, which is executed when a user adds the malicious user to their Synchronization > Address books. This issue has been patched in versions 6.8.123 and 25.0.27.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

Finally, a sleek gaming laptop I can take to the office (without sacrificing power)

These jobs face the highest risk of AI takeover, according to Microsoft

Apple’s tariff costs and iPhone sales are soaring – how long until device prices are too?

5 ways to successfully integrate AI agents into your workplace

Enhancing Laravel Queries with Reusable Scope Patterns

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

Everything We Know About Livewire 4

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

Sam Altman is afraid of OpenAI’s GPT-5 creation — “The Manhattan Project feels very fast, like there are no adults in the room”

9 new features that arrived on the Windows 11 Insider Program during the second half of July 2025

CVE-2025-6104 – Wifi-soft UniBox Controller Os Command Injection Vulnerability

This month in security with Tony Anscombe – July 2025 edition

WordPress AI Engine Plugin Bug Allows Remote Code Execution – Update Now

CVE-2025-32951 – Jmix HTML Injection Vulnerability

Figma AI Tools

Farmonics Pizza Seasoning – Authentic Italian Blend for Perfect Pizza, Pasta & More

NVIDIA RTX 5000 GPUs are on sale at Newegg, and discounted gift cards can be used towards your purchase — It’s free money

CVE-2025-48992 – Group-Office Cross-Site Scripting Vulnerability

CVE-2025-47893 – Apache HTTP Server Cross-Site Request Forgery

CVE-2025-43952 – Mettler Toledo FreeWeight.Net Web Reports Viewer Cross-Site Scripting (XSS)

CVE-2025-6393 – TOTOLINK HTTP POST Request Handler Buffer Overflow Vulnerability

CVE-2025-6104 – Wifi-soft UniBox Controller Os Command Injection Vulnerability

Related Posts