DB Electronica Telecomunicazioni Mozart FM Transmitter Unauthenticated Arbitrary File Deletion Vulnerability
Vulnerability
A vulnerability allowing unauthenticated arbitrary file deletion has been identified in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, and 7000. The issue arises in the 'upgrade_contents.php' file, where the 'deleteupgrade' parameter allows for the deletion of arbitrary files in the '/var/www/upload/' directory. There are no restrictions on file extensions or path sanitization, enabling the removal of critical system files.
Impact
Exploitation of this vulnerability allows for unrestricted and unauthenticated deletion of files, which could include important system or application files, potentially leading to a denial of service or disruption of application functionality.
Reproduction
The vulnerability can be reproduced by sending a POST request to 'upgrade_contents.php' with the 'deleteupgrade' parameter set to the name of the file to be deleted. The absence of file extension restrictions allows for the deletion of any file, provided it is not a directory or symlink.
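The hardening a defender would expect in such a handler, as an added example that is not the vendor's code: it assumes the original builds a path from '/var/www/upload/' and the 'deleteupgrade' parameter and unlinks it, and the function name, extension allowlist, and session flag used here are assumptions.

```php
<?php
// Added example (not DB Electronica's code): a hardened delete handler for the
// pattern the advisory describes. Names and the allowlist below are assumptions.
declare(strict_types=1);

const UPLOAD_DIR  = '/var/www/upload';
const ALLOWED_EXT = ['bin', 'tar', 'gz'];   // assumed: only upgrade packages may be removed

function deleteUpgradeFile(string $name): bool
{
    // 1. Accept only a bare filename: no path separators, no traversal, no NUL byte.
    if ($name === '' || $name !== basename($name) || strpos($name, "\0") !== false) {
        return false;
    }
    // 2. Extension allowlist, so files other than upgrade packages cannot be named.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return false;
    }
    // 3. Refuse directories and symlinks before any path resolution takes place
    //    (realpath() would follow a symlink, so check the unresolved candidate).
    $candidate = UPLOAD_DIR . '/' . $name;
    if (is_link($candidate) || !is_file($candidate)) {
        return false;
    }
    // 4. Defence in depth: the resolved path must still sit inside UPLOAD_DIR.
    $base = realpath(UPLOAD_DIR);
    $path = realpath($candidate);
    if ($base === false || $path === false
        || strncmp($path, $base . '/', strlen($base) + 1) !== 0) {
        return false;
    }
    return unlink($path);
}

// The advisory's core finding is missing authentication: require a logged-in
// session before the filesystem is touched ($_SESSION['authenticated'] is assumed).
session_start();
if (empty($_SESSION['authenticated'])) {
    http_response_code(401);
    exit;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['deleteupgrade'])) {
    $ok = deleteUpgradeFile((string) $_POST['deleteupgrade']);
    http_response_code($ok ? 200 : 400);
}
```

Each rejected request returns 400 without revealing which check failed; logging the rejected parameter value server-side gives a detection signal for probing of this endpoint.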