DB Electronica Mozart FM Transmitter Unauthenticated OS Command Injection Vulnerability Allowing Remote Code Execution
Vulnerability
A vulnerability allowing unauthenticated OS command injection has been identified in DB Electronica Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, and 7000. The issue arises in the 'start_upgrade.php' file, where user input from the 'filename' parameter is passed directly to the 'exec()' function without proper sanitization or escaping. This flaw enables attackers to inject arbitrary shell commands, achieving remote code execution as the web server user, likely with root privileges.
Impact
Exploitation of this vulnerability allows for unauthenticated remote code execution on the affected system, with the executed commands running as the web server user, potentially leading to elevated privileges.
Reproduction
The vulnerability can be reproduced by sending a GET request to the 'start_upgrade.php' endpoint with a crafted 'filename' parameter that includes injected shell commands. The injected commands will be executed on the server, demonstrating the command injection and resulting remote code execution.
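A defender can look for this in web server access logs by flagging any request to 'start_upgrade.php' whose 'filename' value is not a plain file name. The following is an added example, not code from the advisory or the vendor; the log format (common/combined), the allowed character set, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: a firmware file name needs only these characters; tune for the device.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,128}")
# Client address and request target from a common/combined-format access log line.
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded input is inspected too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_upgrade_requests(lines):
    """Return (client_ip, decoded_filename) for start_upgrade.php requests
    whose 'filename' parameter is not a plain file name."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/start_upgrade.php"):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("filename", []):
            name = fully_decode(raw)
            if not SAFE_NAME.fullmatch(name):
                hits.append((m.group("ip"), name))
    return hits

# Constructed sample log lines (not taken from a real device).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /start_upgrade.php?filename=mozart_fw.bin HTTP/1.1" 200 12',
    '198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] "GET /start_upgrade.php?filename=fw.bin%3Bid HTTP/1.1" 200 12',
    '198.51.100.7 - - [01/Jan/2024:10:05:09 +0000] "GET /start_upgrade.php?filename=fw.bin%2560id%2560 HTTP/1.1" 200 12',
    '192.0.2.10 - - [01/Jan/2024:10:06:00 +0000] "GET /index.php?filename=a%3Bb HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, name in suspicious_upgrade_requests(SAMPLE_LOG):
        print(f"{ip} sent non-file-name input to start_upgrade.php: {name!r}")
```

Because the endpoint is reachable without authentication, a match from an address outside the management network warrants investigation even when the response code is 200.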
