Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unauthenticated OS Command Injection (restore_settings.php)
Vulnerability Description
Unauthenticated OS Command Injection (restore_settings.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform URL-decoded name parameter passed to exec() allows remote code execution. The `/var/tdf/restore_settings.php` endpoint passes user-controlled `$_GET["name"]` parameter through `urldecode()` directly into `exec()` without validation or escaping. Attackers can inject arbitrary shell commands using metacharacters (`;`, `|`, `&&`, etc.) to achieve unauthenticated remote code execution as the web server user.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
DB Electronica Mozart FM Transmitter 安全漏洞
Vulnerability Description
DB Electronica Mozart FM Transmitter是意大利DB Electronica公司的一个专业级FM广播发射机系列。 DB Electronica Mozart FM Transmitter 30版本、50版本、100版本、300版本、500版本、1000版本、2000版本、3000版本、3500版本、6000版本和7000版本存在安全漏洞,该漏洞源于restore_settings.php中name参数直接传递给exec,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A