DB Electronica Mozart FM Transmitter Unauthenticated File Upload Vulnerability Allowing Remote Code Execution

A vulnerability exists in the Mozart FM Transmitter web management interface, specifically in version WEBMOZZI-00287. The issue is an unauthenticated file upload vulnerability in the '/upload_file.php' endpoint. Attackers can exploit this by sending a crafted POST request with a malicious file, such as a PHP web shell, to the server. The uploaded file is stored in the '/upload/' directory, which allows for remote code execution and full system compromise.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server. Once the malicious file is executed, it can lead to a complete compromise of the system, giving the attacker full control over the server.

Reproduction

To reproduce this vulnerability, upload a malicious PHP web shell to the '/upload_file.php' endpoint via an unauthenticated POST request. After the file is uploaded, it can be accessed from the '/upload/' directory, where the web shell can be executed to run arbitrary commands on the server.

Remediation

It is recommended to implement authentication requirements for file uploads, validate file types and contents, store uploaded files outside of web-accessible directories, and maintain detailed logs of file upload activities.