24h | 7d | 30d

CVE-2025-66260

Overview

  • DB Electronica Telecomunicazioni S.p.A.
  • Mozart FM Transmitter
26 Nov 2025
Published
26 Nov 2025
Updated
CVSS v4.0
HIGH (7.2)
EPSS
0.03%
KEV

Description

PostgreSQL SQL Injection (status_sql.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform SQL injection via sw1 and sw2 parameters in status_sql.php. The `status_sql.php` endpoint constructs SQL UPDATE queries by directly concatenating user-controlled `sw1` and `sw2` parameters without using parameterized queries or `pg_escape_string()`. While PostgreSQL's `pg_exec` limitations prevent stacked queries, attackers can inject subqueries for data exfiltration and leverage verbose error messages for reconnaissance.

Statistics

  • 1 Post
  • 8 Interactions
Last activity: 6 hours ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

Go hack more radio shit.

abdulmhsblog.com/posts/webfmvu

  • CVE-2025-66259: Authenticated Root RCE (main_ok.php)
  • CVE-2025-66253: Unauthenticated OS Command Injection (Upgrade)
  • CVE-2025-66261: Unauthenticated OS Command Injection (Restore)
  • CVE-2025-66262: Arbitrary File Overwrite (Tar Path Traversal)
  • CVE-2025-66250: Unrestricted File Upload (Status)
  • CVE-2025-66255: Unsigned Firmware Upload
  • CVE-2025-66256: Unrestricted Patch Upload
  • CVE-2025-66251: Path Traversal File Deletion
  • CVE-2025-66254: Arbitrary File Deletion (Upgrade)
  • CVE-2025-66263: Arbitrary File Read (Null Byte Injection)
  • CVE-2025-66260: SQL Injection
  • CVE-2025-66258: Stored XSS via XML Injection
  • CVE-2025-66257: Arbitrary Patch Deletion
  • CVE-2025-66252: Infinite Loop Denial of Service
  • 5
  • 3
  • 0
  • 6h ago

CVE-2025-66263

Overview

  • DB Electronica Telecomunicazioni S.p.A.
  • Mozart FM Transmitter
26 Nov 2025
Published
26 Nov 2025
Updated
CVSS v4.0
HIGH (8.9)
EPSS
0.04%
KEV

Description

Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in download_setting.php allows reading arbitrary files. The `/var/tdf/download_setting.php` endpoint constructs file paths by concatenating user-controlled `$_GET['filename']` with a forced `.tgz` extension. Running on PHP 5.3.2 (pre-5.3.4), the application is vulnerable to null byte injection (%00), allowing attackers to bypass the extension restriction and traverse paths. By requesting `filename=../../../../etc/passwd%00`, the underlying C functions treat the null byte as a string terminator, ignoring the appended `.tgz` and enabling unauthenticated arbitrary file disclosure of any file readable by the web server user.

Statistics

  • 1 Post
  • 8 Interactions
Last activity: 6 hours ago

Fediverse

Profile picture
cR0w h0 h0 @cR0w

Go hack more radio shit.

abdulmhsblog.com/posts/webfmvu

  • CVE-2025-66259: Authenticated Root RCE (main_ok.php)
  • CVE-2025-66253: Unauthenticated OS Command Injection (Upgrade)
  • CVE-2025-66261: Unauthenticated OS Command Injection (Restore)
  • CVE-2025-66262: Arbitrary File Overwrite (Tar Path Traversal)
  • CVE-2025-66250: Unrestricted File Upload (Status)
  • CVE-2025-66255: Unsigned Firmware Upload
  • CVE-2025-66256: Unrestricted Patch Upload
  • CVE-2025-66251: Path Traversal File Deletion
  • CVE-2025-66254: Arbitrary File Deletion (Upgrade)
  • CVE-2025-66263: Arbitrary File Read (Null Byte Injection)
  • CVE-2025-66260: SQL Injection
  • CVE-2025-66258: Stored XSS via XML Injection
  • CVE-2025-66257: Arbitrary Patch Deletion
  • CVE-2025-66252: Infinite Loop Denial of Service
  • 5
  • 3
  • 0
  • 6h ago
Showing 41 to 42 of 42 CVEs