Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unauthenticated Arbitrary File Read via Null Byte Injection
Vulnerability Description
Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in download_setting.php allows reading arbitrary files. The `/var/tdf/download_setting.php` endpoint constructs file paths by concatenating user-controlled `$_GET['filename']` with a forced `.tgz` extension. Running on PHP 5.3.2 (pre-5.3.4), the application is vulnerable to null byte injection (%00), allowing attackers to bypass the extension restriction and traverse paths. By requesting `filename=../../../../etc/passwd%00`, the underlying C functions treat the null byte as a string terminator, ignoring the appended `.tgz` and enabling unauthenticated arbitrary file disclosure of any file readable by the web server user.
CVSS Information
N/A
Vulnerability Type
空字节或NULL字符转义处理不恰当
Vulnerability Title
DB Electronica Mozart FM Transmitter 安全漏洞
Vulnerability Description
DB Electronica Mozart FM Transmitter是意大利DB Electronica公司的一个专业级FM广播发射机系列。 DB Electronica Mozart FM Transmitter 30版本、50版本、100版本、300版本、500版本、1000版本、2000版本、3000版本、3500版本、6000版本和7000版本存在安全漏洞,该漏洞源于download_setting.php中空字节注入,可能导致任意文件读取。
CVSS Information
N/A
Vulnerability Type
N/A