{“lastseen”:””,”description”:”Unauthenticated OS Command Injection (restore_settings.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform URL-decoded name parameter passed to exec() allows remote code execution.\\nThe `\/var\/tdf\/restore_settings.php` endpoint passes user-controlled `$_GET[\\”name\\”]` parameter through `urldecode()` directly into `exec()` without validation or escaping. Attackers can inject arbitrary shell commands using metacharacters (`;`, `|`, `\\u0026\\u0026`, etc.) to achieve unauthenticated remote code execution as the web server user.”,”published”:”2025-11-26T00:49:38.259Z”,”modified”:”2025-11-26T00:49:38.259Z”,”type”:”cve”,”title”:”Unauthenticated OS Command Injection (restore_settings.php)”,”source”:”Gridware”,”references”:”https:\/\/www.abdulmhsblog.com\/posts\/webfmvulns\/”,”id”:”CVE-2025-66261″,”bulletinFamily”:””,”cwe”:[“CWE-78″],”cvelist”:null,”sourceData”:”DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter 30\\nDB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter 50\\nDB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter 100\\nDB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter 300\\nDB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter 500\\nDB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter 1000\\nDB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter 2000\\nDB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter 3000\\nDB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter 3500\\nDB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter 6000\\nDB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter 7000″,”sourceHref”:””,”cvss”:{“score”:9.9,”severity”:”CRITICAL”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:H\/VI:H\/VA:H\/SC:H\/SI:N\/SA:N”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”Mozart FM Transmitter”,”version”:”30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000″,”vendor”:”DB Electronica Telecomunicazioni S.p.A.”,”ai_description”:”Unauthenticated OS Command Injection vulnerability in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter allows remote code execution”,”ai_severity”:”Critical”,”ai_vendor”:”DB Electronica Telecomunicazioni S.p.A.”,”ai_product”:”Mozart FM Transmitter”,”ai_version”:”30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000″,”ai_score”:9.9}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”Unauthenticated OS Command Injection (restore_settings.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[9,6,8,45,12,13,7,11,5],"class_list":["post-27616","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-critical","tag-cve","tag-cvss","tag-cvss-99","tag-exploit","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n