4 matches found
CVE-2025-66257
Unauthenticated Arbitrary File Deletion patchcontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletepatch parameter allows unauthenticated deletion of arbitrary files...
CVE-2025-66257 Unauthenticated Arbitrary File Deletion (patch_contents.php)
Unauthenticated Arbitrary File Deletion patchcontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletepatch parameter allows unauthenticated deletion of arbitrary files...
CVE-2025-66256
The CVE concerns a vulnerability in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter series (versions 30–7000) where the /var/tdf/patch_contents.php endpoint allows unauthenticated, unrestricted file uploads. There is no file type validation, MIME checking, or size restriction beyond...
PT-2025-48108
Name of the Vulnerable Software and Affected Versions DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30 through 7000 Description An unauthenticated arbitrary file upload issue exists in the /var/tdf/patch contents.php endpoint of the software. The endpoint lacks file type...