CVE-2025-66257

Sažetak

Unauthenticated Arbitrary File Deletion (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletepatch parameter allows unauthenticated deletion of arbitrary files. The `deletepatch` parameter in `patch_contents.php` allows unauthenticated deletion of arbitrary files in `/var/www/patch/` directory without sanitization or access control checks.

Reference

https://www.abdulmhsblog.com/posts/webfmvulns/
https://www.abdulmhsblog.com/posts/webfmvulns/

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

28-11-2025 - 23:11

Objavljeno

26-11-2025 - 01:16