DB Electronica Mozart FM Transmitter Unauthenticated Arbitrary File Deletion Vulnerability
Vulnerability
A vulnerability allowing unauthenticated arbitrary file deletion has been identified in DB Electronica Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, and 7000. The issue arises in the 'patch_contents.php' file, where the 'deletepatch' parameter allows for the deletion of arbitrary files from the '/var/www/patch/' directory. This deletion occurs without proper sanitization or access control checks.
Impact
An unauthenticated remote attacker can delete any file under '/var/www/patch/' that the web server's user is permitted to remove, including stored patch archives, which can disrupt the transmitter's web interface and cause loss of data kept in that directory.
Reproduction
The issue can be reproduced by sending an unauthenticated POST request to 'patch_contents.php' with the 'deletepatch' parameter set to the name of the target file in '/var/www/patch/'. Patch archives normally carry a .tgz extension, but the script uses the supplied value as the file name without requiring that extension, so any file in the directory can be named, and it is removed provided the web server's user has permission to delete it.
Remediation
To address this vulnerability, validate the 'deletepatch' parameter against a strict allowlist (a plain basename with no path separators or leading dot), append or enforce the expected .tgz extension server-side, and resolve the final path to confirm it remains inside '/var/www/patch/' before calling unlink. Require an authenticated, authorized session for any deletion, and log each request (accepted or rejected) with the requesting address for auditing.
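The following is an added illustrative hardened handler, not DB Electronica's code. It replaces the pattern the advisory describes (the raw 'deletepatch' value passed to unlink) with an allowlisted basename, a server-side .tgz extension, path confinement via realpath, an authentication check and an audit log entry. The is_admin_session() and audit_log() helpers, the session fields and the use of syslog are assumptions for the example.

```php
<?php
// Added illustrative example (not the vendor's code): a hardened replacement
// for the 'deletepatch' handler in patch_contents.php. Assumes the patch
// directory and .tgz naming convention from the advisory; is_admin_session()
// and audit_log() are hypothetical helpers.

declare(strict_types=1);

const PATCH_DIR = '/var/www/patch';

function is_admin_session(): bool
{
    // Hypothetical: tie deletion to an authenticated administrator session.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    return !empty($_SESSION['authenticated']) && (($_SESSION['role'] ?? '') === 'admin');
}

function audit_log(string $event, string $detail): void
{
    // Hypothetical: record every decision so deletions can be audited.
    $from = $_SERVER['REMOTE_ADDR'] ?? '-';
    syslog(LOG_NOTICE, sprintf('patch_contents: %s %s from %s', $event, $detail, $from));
}

/**
 * Returns the absolute path of the patch archive to delete, or null when the
 * request is rejected. The name must be a plain basename (no slashes, no
 * leading dot, bounded length), the .tgz extension is appended server-side,
 * and the resolved path must stay inside PATCH_DIR.
 */
function resolve_patch_for_deletion(string $name): ?string
{
    // Allowlist: letters, digits, '_' and '-' first; '.' allowed afterwards.
    if (!preg_match('/^[A-Za-z0-9_-][A-Za-z0-9._-]{0,63}$/', $name)) {
        return null;
    }
    $candidate = PATCH_DIR . '/' . $name . '.tgz';
    $real = realpath($candidate);
    $base = realpath(PATCH_DIR);
    if ($real === false || $base === false) {
        return null; // target does not exist or patch directory is missing
    }
    // Confine to the patch directory even if a symlink points elsewhere.
    if (strpos($real, $base . '/') !== 0 || !is_file($real)) {
        return null;
    }
    return $real;
}

function handle_delete_request(): void
{
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        http_response_code(405);
        return;
    }
    if (!is_admin_session()) {
        http_response_code(403);
        audit_log('DENY', 'unauthenticated deletepatch');
        return;
    }
    $name = (string) ($_POST['deletepatch'] ?? '');
    $target = resolve_patch_for_deletion($name);
    if ($target === null) {
        http_response_code(400);
        audit_log('REJECT', 'deletepatch=' . $name);
        return;
    }
    if (!unlink($target)) {
        http_response_code(500);
        audit_log('ERROR', 'unlink failed for ' . $target);
        return;
    }
    audit_log('DELETE', $target);
    http_response_code(200);
    echo 'deleted';
}

handle_delete_request();
```

The order of checks matters: authentication is evaluated before the parameter is touched, so an unauthenticated client learns nothing about which names exist, and the realpath prefix comparison is what defeats symlinks or any traversal that the regex alone might not anticipate.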
