Filtered by vendor Dbbroadcast
Subscriptions
Filtered by product Mozart Fm Transmitter
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-63227 | 1 Dbbroadcast | 1 Mozart Fm Transmitter | 2025-11-24 | 7.2 High |
| The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unrestricted file upload vulnerability in the /patch.php endpoint. An attacker with administrative credentials can upload arbitrary files (e.g., PHP webshells), which are stored in the /patch/ directory. This allows the attacker to execute arbitrary commands on the server, potentially leading to full system compromise. | ||||
| CVE-2025-63228 | 1 Dbbroadcast | 1 Mozart Fm Transmitter | 2025-11-24 | 9.8 Critical |
| The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unauthenticated file upload vulnerability in the /upload_file.php endpoint. An attacker can exploit this by sending a crafted POST request with a malicious file (e.g., a PHP webshell) to the server. The uploaded file is stored in the /upload/ directory, enabling remote code execution and full system compromise. | ||||
| CVE-2025-63229 | 1 Dbbroadcast | 1 Mozart Fm Transmitter | 2025-11-21 | 5.4 Medium |
| The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains a reflected Cross-Site Scripting (XSS) vulnerability in the /main0.php endpoint. By injecting a malicious JavaScript payload into the ?m= query parameter, an attacker can execute arbitrary code in the victim's browser, potentially stealing sensitive information, hijacking sessions, or performing unauthorized actions. | ||||
Page 1 of 1.