Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-63228

Опубликовано: 18 нояб. 2025
Источник: nvd
CVSS3: 9.8
EPSS Низкий

Описание

The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unauthenticated file upload vulnerability in the /upload_file.php endpoint. An attacker can exploit this by sending a crafted POST request with a malicious file (e.g., a PHP webshell) to the server. The uploaded file is stored in the /upload/ directory, enabling remote code execution and full system compromise.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:dbbroadcast:mozart_next_100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:mozart_next_100:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:dbbroadcast:mozart_next_1000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:mozart_next_1000:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:dbbroadcast:mozart_next_2000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:mozart_next_2000:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:o:dbbroadcast:mozart_next_30_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:mozart_next_30:-:*:*:*:*:*:*:*
Конфигурация 5

Одновременно

cpe:2.3:o:dbbroadcast:mozart_next_300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:mozart_next_300:-:*:*:*:*:*:*:*
Конфигурация 6

Одновременно

cpe:2.3:o:dbbroadcast:mozart_next_3000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:mozart_next_3000:-:*:*:*:*:*:*:*
Конфигурация 7

Одновременно

cpe:2.3:o:dbbroadcast:mozart_next_3500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:mozart_next_3500:-:*:*:*:*:*:*:*
Конфигурация 8

Одновременно

cpe:2.3:o:dbbroadcast:mozart_next_50_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:mozart_next_50:-:*:*:*:*:*:*:*
Конфигурация 9

Одновременно

cpe:2.3:o:dbbroadcast:mozart_next_500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:mozart_next_500:-:*:*:*:*:*:*:*
Конфигурация 10

Одновременно

cpe:2.3:o:dbbroadcast:mozart_next_6000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:mozart_next_6000:-:*:*:*:*:*:*:*
Конфигурация 11

Одновременно

cpe:2.3:o:dbbroadcast:mozart_next_7000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:mozart_next_7000:-:*:*:*:*:*:*:*
Конфигурация 12

Одновременно

cpe:2.3:o:dbbroadcast:mozart_dds_next_30_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:mozart_dds_next_30:-:*:*:*:*:*:*:*
Конфигурация 13

Одновременно

cpe:2.3:o:dbbroadcast:mozart_dds_next_50_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:mozart_dds_next_50:-:*:*:*:*:*:*:*
Конфигурация 14

Одновременно

cpe:2.3:o:dbbroadcast:mozart_dds_next_100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:mozart_dds_next_100:-:*:*:*:*:*:*:*
Конфигурация 15

Одновременно

cpe:2.3:o:dbbroadcast:mozart_dds_next_300_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:mozart_dds_next_300:-:*:*:*:*:*:*:*
Конфигурация 16

Одновременно

cpe:2.3:o:dbbroadcast:mozart_dds_next_500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:mozart_dds_next_500:-:*:*:*:*:*:*:*
Конфигурация 17

Одновременно

cpe:2.3:o:dbbroadcast:mozart_dds_next_1000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:mozart_dds_next_1000:-:*:*:*:*:*:*:*
Конфигурация 18

Одновременно

cpe:2.3:o:dbbroadcast:mozart_dds_next_2000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:mozart_dds_next_2000:-:*:*:*:*:*:*:*
Конфигурация 19

Одновременно

cpe:2.3:o:dbbroadcast:mozart_dds_next_3000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:mozart_dds_next_3000:-:*:*:*:*:*:*:*
Конфигурация 20

Одновременно

cpe:2.3:o:dbbroadcast:mozart_dds_next_3500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:mozart_dds_next_3500:-:*:*:*:*:*:*:*
Конфигурация 21

Одновременно

cpe:2.3:o:dbbroadcast:mozart_dds_next_6000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:mozart_dds_next_6000:-:*:*:*:*:*:*:*
Конфигурация 22

Одновременно

cpe:2.3:o:dbbroadcast:mozart_dds_next_7000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:dbbroadcast:mozart_dds_next_7000:-:*:*:*:*:*:*:*

EPSS

Процентиль: 66%
0.00525
Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

Связанные уязвимости

github логотип

GHSA-rp7m-4f5j-m5wj

CVSS3: 9.8
github
3 месяца назад

The Mozart FM Transmitter web management interface on version WEBMOZZI-00287, contains an unauthenticated file upload vulnerability in the /upload_file.php endpoint. An attacker can exploit this by sending a crafted POST request with a malicious file (e.g., a PHP webshell) to the server. The uploaded file is stored in the /upload/ directory, enabling remote code execution and full system compromise.

EPSS

Процентиль: 66%
0.00525
Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434