pyfispot
This application is vulnerable
There's an easily exploitable vulnerability in: https://github.com/humitos/pyfispot/blob/master/raspberrypi/home/pi/apps/pyfispot/main.py#L69
A fake X-Real-IP header will execute arbitrary commands on the server.
Thanks for your report. You are right.
We will need to validate that the request.remote_addr is a valid IP. Maybe with a regex? Would you like to propose a PR for this?
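As an added illustration of the fix discussed above (not code from pyfispot), the block below validates the address taken from request.remote_addr with the standard ipaddress module and contrasts it with the kind of unanchored regex check floated in the reply. The function names and the sample header values are constructed for this example.

```python
import ipaddress
import re

# Regex check of the kind suggested in the thread. re.match only anchors at
# the start of the string, so anything appended after an IPv4-looking prefix
# still passes.
_NAIVE_IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def naive_regex_ok(value: str) -> bool:
    """Accept any string that merely *starts* with something IPv4-like."""
    return _NAIVE_IPV4.match(value) is not None


def validate_client_ip(value: str) -> str:
    """Return a canonical IPv4/IPv6 address, or raise ValueError.

    ipaddress.ip_address() parses the whole string strictly: trailing text,
    whitespace and shell metacharacters are all rejected, so the returned
    value can safely be passed to a command as a single argv element
    (with subprocess and shell=False, never via string interpolation).
    """
    if not isinstance(value, str):
        raise ValueError("IP must be a string")
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError as exc:
        raise ValueError(f"not a valid IP address: {value!r}") from exc


# Constructed sample values: what a real client sends, plus what a forged
# X-Real-IP header might carry. Each maps to whether it should be accepted.
SAMPLES = {
    "192.168.1.10": True,
    "2001:db8::1": True,
    " 10.0.0.5\n": True,        # proxies sometimes leave whitespace
    "10.0.0.5; ls": False,      # shell metacharacters appended
    "999.1.1.1": False,         # octet out of range, regex still matches
    "": False,
}


def check_samples() -> dict:
    """Map each sample to (naive_regex_result, strict_result)."""
    out = {}
    for raw, expected in SAMPLES.items():
        try:
            validate_client_ip(raw)
            strict = True
        except ValueError:
            strict = False
        out[raw] = (naive_regex_ok(raw), strict)
        assert strict == expected, raw
    return out
```

The regex accepts both "10.0.0.5; ls" and "999.1.1.1"; the strict parser rejects both, which is the property the fix needs.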