{"uuid": "20e72465-e1a0-4622-bf2c-a4da381c9afe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-71284", "type": "seen", "source": "https://bsky.app/profile/modat-io.bsky.social/post/3ml2awivmxc2j", "content": "\u26a0\ufe0fCVE-2025-71284 Synway SMG RCE via en/9-2radius.php(CVSS 9.8). Sed injection via radius_address+POST params enables unauth RCE. No patch. Query: (web.title=\"IPPBX\" or web.html~\"synwayjs\") OR (web.html~\"text ml10 mr20\" and (web.title=\"\u7f51\u5173\u7ba1\u7406\u8f6f\u4ef6\" or web.title~\"Gateway Management\")) and tag!=\"Honeypot\"", "creation_timestamp": "2026-05-04T18:01:43.872877Z"}