Description
PostgreSQL SQL Injection (status_sql.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform SQL injection via sw1 and sw2 parameters in status_sql.php.
The `status_sql.php` endpoint constructs SQL UPDATE queries by directly concatenating user-controlled `sw1` and `sw2` parameters without using parameterized queries or `pg_escape_string()`. While PostgreSQL's `pg_exec` limitations prevent stacked queries, attackers can inject subqueries for data exfiltration and leverage verbose error messages for reconnaissance.
The `status_sql.php` endpoint constructs SQL UPDATE queries by directly concatenating user-controlled `sw1` and `sw2` parameters without using parameterized queries or `pg_escape_string()`. While PostgreSQL's `pg_exec` limitations prevent stacked queries, attackers can inject subqueries for data exfiltration and leverage verbose error messages for reconnaissance.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| DB Electronica Telecomunicazioni S.p.A. | Mozart FM Transmitter | unaffected |
|
Configuration 1 [-]
| AND |
|
Configuration 2 [-]
| AND |
|
Configuration 3 [-]
| AND |
|
Configuration 4 [-]
| AND |
|
Configuration 5 [-]
| AND |
|
Configuration 6 [-]
| AND |
|
Configuration 7 [-]
| AND |
|
Configuration 8 [-]
| AND |
|
Configuration 9 [-]
| AND |
|
Configuration 10 [-]
| AND |
|
Configuration 11 [-]
| AND |
|
Configuration 12 [-]
| AND |
|
Configuration 13 [-]
| AND |
|
Configuration 14 [-]
| AND |
|
Configuration 15 [-]
| AND |
|
Configuration 16 [-]
| AND |
|
Configuration 17 [-]
| AND |
|
Configuration 18 [-]
| AND |
|
Configuration 19 [-]
| AND |
|
Configuration 20 [-]
| AND |
|
Configuration 21 [-]
| AND |
|
Configuration 22 [-]
| AND |
|
No data.
| Vendor | Product | Confidence | Versions |
|---|---|---|---|
| Dbbroadcast | Mozart Fm Transmitter | — | — |
Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
| Link | Providers |
|---|---|
| https://www.abdulmhsblog.com/posts/webfmvulns/ |
|
History
Wed, 03 Dec 2025 17:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Dbbroadcast mozart Dds Next 100
Dbbroadcast mozart Dds Next 1000 Dbbroadcast mozart Dds Next 1000 Firmware Dbbroadcast mozart Dds Next 100 Firmware Dbbroadcast mozart Dds Next 2000 Dbbroadcast mozart Dds Next 2000 Firmware Dbbroadcast mozart Dds Next 30 Dbbroadcast mozart Dds Next 300 Dbbroadcast mozart Dds Next 3000 Dbbroadcast mozart Dds Next 3000 Firmware Dbbroadcast mozart Dds Next 300 Firmware Dbbroadcast mozart Dds Next 30 Firmware Dbbroadcast mozart Dds Next 3500 Dbbroadcast mozart Dds Next 3500 Firmware Dbbroadcast mozart Dds Next 50 Dbbroadcast mozart Dds Next 500 Dbbroadcast mozart Dds Next 500 Firmware Dbbroadcast mozart Dds Next 50 Firmware Dbbroadcast mozart Dds Next 6000 Dbbroadcast mozart Dds Next 6000 Firmware Dbbroadcast mozart Dds Next 7000 Dbbroadcast mozart Dds Next 7000 Firmware Dbbroadcast mozart Next 100 Dbbroadcast mozart Next 1000 Dbbroadcast mozart Next 1000 Firmware Dbbroadcast mozart Next 100 Firmware Dbbroadcast mozart Next 2000 Dbbroadcast mozart Next 2000 Firmware Dbbroadcast mozart Next 30 Dbbroadcast mozart Next 300 Dbbroadcast mozart Next 3000 Dbbroadcast mozart Next 3000 Firmware Dbbroadcast mozart Next 300 Firmware Dbbroadcast mozart Next 30 Firmware Dbbroadcast mozart Next 3500 Dbbroadcast mozart Next 3500 Firmware Dbbroadcast mozart Next 50 Dbbroadcast mozart Next 500 Dbbroadcast mozart Next 500 Firmware Dbbroadcast mozart Next 50 Firmware Dbbroadcast mozart Next 6000 Dbbroadcast mozart Next 6000 Firmware Dbbroadcast mozart Next 7000 Dbbroadcast mozart Next 7000 Firmware |
|
| CPEs | cpe:2.3:h:dbbroadcast:mozart_dds_next_1000:-:*:*:*:*:*:*:* cpe:2.3:h:dbbroadcast:mozart_dds_next_100:-:*:*:*:*:*:*:* cpe:2.3:h:dbbroadcast:mozart_dds_next_2000:-:*:*:*:*:*:*:* cpe:2.3:h:dbbroadcast:mozart_dds_next_3000:-:*:*:*:*:*:*:* cpe:2.3:h:dbbroadcast:mozart_dds_next_300:-:*:*:*:*:*:*:* cpe:2.3:h:dbbroadcast:mozart_dds_next_30:-:*:*:*:*:*:*:* cpe:2.3:h:dbbroadcast:mozart_dds_next_3500:-:*:*:*:*:*:*:* cpe:2.3:h:dbbroadcast:mozart_dds_next_500:-:*:*:*:*:*:*:* cpe:2.3:h:dbbroadcast:mozart_dds_next_50:-:*:*:*:*:*:*:* cpe:2.3:h:dbbroadcast:mozart_dds_next_6000:-:*:*:*:*:*:*:* cpe:2.3:h:dbbroadcast:mozart_dds_next_7000:-:*:*:*:*:*:*:* cpe:2.3:h:dbbroadcast:mozart_next_1000:-:*:*:*:*:*:*:* cpe:2.3:h:dbbroadcast:mozart_next_100:-:*:*:*:*:*:*:* cpe:2.3:h:dbbroadcast:mozart_next_2000:-:*:*:*:*:*:*:* cpe:2.3:h:dbbroadcast:mozart_next_3000:-:*:*:*:*:*:*:* cpe:2.3:h:dbbroadcast:mozart_next_300:-:*:*:*:*:*:*:* cpe:2.3:h:dbbroadcast:mozart_next_30:-:*:*:*:*:*:*:* cpe:2.3:h:dbbroadcast:mozart_next_3500:-:*:*:*:*:*:*:* cpe:2.3:h:dbbroadcast:mozart_next_500:-:*:*:*:*:*:*:* cpe:2.3:h:dbbroadcast:mozart_next_50:-:*:*:*:*:*:*:* cpe:2.3:h:dbbroadcast:mozart_next_6000:-:*:*:*:*:*:*:* cpe:2.3:h:dbbroadcast:mozart_next_7000:-:*:*:*:*:*:*:* cpe:2.3:o:dbbroadcast:mozart_dds_next_1000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dbbroadcast:mozart_dds_next_100_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dbbroadcast:mozart_dds_next_2000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dbbroadcast:mozart_dds_next_3000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dbbroadcast:mozart_dds_next_300_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dbbroadcast:mozart_dds_next_30_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dbbroadcast:mozart_dds_next_3500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dbbroadcast:mozart_dds_next_500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dbbroadcast:mozart_dds_next_50_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dbbroadcast:mozart_dds_next_6000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dbbroadcast:mozart_dds_next_7000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dbbroadcast:mozart_next_1000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dbbroadcast:mozart_next_100_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dbbroadcast:mozart_next_2000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dbbroadcast:mozart_next_3000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dbbroadcast:mozart_next_300_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dbbroadcast:mozart_next_30_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dbbroadcast:mozart_next_3500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dbbroadcast:mozart_next_500_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dbbroadcast:mozart_next_50_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dbbroadcast:mozart_next_6000_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:dbbroadcast:mozart_next_7000_firmware:-:*:*:*:*:*:*:* |
|
| Vendors & Products |
Dbbroadcast mozart Dds Next 100
Dbbroadcast mozart Dds Next 1000 Dbbroadcast mozart Dds Next 1000 Firmware Dbbroadcast mozart Dds Next 100 Firmware Dbbroadcast mozart Dds Next 2000 Dbbroadcast mozart Dds Next 2000 Firmware Dbbroadcast mozart Dds Next 30 Dbbroadcast mozart Dds Next 300 Dbbroadcast mozart Dds Next 3000 Dbbroadcast mozart Dds Next 3000 Firmware Dbbroadcast mozart Dds Next 300 Firmware Dbbroadcast mozart Dds Next 30 Firmware Dbbroadcast mozart Dds Next 3500 Dbbroadcast mozart Dds Next 3500 Firmware Dbbroadcast mozart Dds Next 50 Dbbroadcast mozart Dds Next 500 Dbbroadcast mozart Dds Next 500 Firmware Dbbroadcast mozart Dds Next 50 Firmware Dbbroadcast mozart Dds Next 6000 Dbbroadcast mozart Dds Next 6000 Firmware Dbbroadcast mozart Dds Next 7000 Dbbroadcast mozart Dds Next 7000 Firmware Dbbroadcast mozart Next 100 Dbbroadcast mozart Next 1000 Dbbroadcast mozart Next 1000 Firmware Dbbroadcast mozart Next 100 Firmware Dbbroadcast mozart Next 2000 Dbbroadcast mozart Next 2000 Firmware Dbbroadcast mozart Next 30 Dbbroadcast mozart Next 300 Dbbroadcast mozart Next 3000 Dbbroadcast mozart Next 3000 Firmware Dbbroadcast mozart Next 300 Firmware Dbbroadcast mozart Next 30 Firmware Dbbroadcast mozart Next 3500 Dbbroadcast mozart Next 3500 Firmware Dbbroadcast mozart Next 50 Dbbroadcast mozart Next 500 Dbbroadcast mozart Next 500 Firmware Dbbroadcast mozart Next 50 Firmware Dbbroadcast mozart Next 6000 Dbbroadcast mozart Next 6000 Firmware Dbbroadcast mozart Next 7000 Dbbroadcast mozart Next 7000 Firmware |
|
| Metrics |
cvssV3_1
|
Thu, 27 Nov 2025 10:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Dbbroadcast
Dbbroadcast mozart Fm Transmitter |
|
| Vendors & Products |
Dbbroadcast
Dbbroadcast mozart Fm Transmitter |
Wed, 26 Nov 2025 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 26 Nov 2025 01:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | PostgreSQL SQL Injection (status_sql.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform SQL injection via sw1 and sw2 parameters in status_sql.php. The `status_sql.php` endpoint constructs SQL UPDATE queries by directly concatenating user-controlled `sw1` and `sw2` parameters without using parameterized queries or `pg_escape_string()`. While PostgreSQL's `pg_exec` limitations prevent stacked queries, attackers can inject subqueries for data exfiltration and leverage verbose error messages for reconnaissance. | |
| Title | PostgreSQL SQL Injection (status_sql.php) | |
| Weaknesses | CWE-89 | |
| References |
| |
| Metrics |
cvssV4_0
|
Subscriptions
Dbbroadcast
Subscribe
Mozart Dds Next 100
Subscribe
Mozart Dds Next 1000
Subscribe
Mozart Dds Next 1000 Firmware
Subscribe
Mozart Dds Next 100 Firmware
Subscribe
Mozart Dds Next 2000
Subscribe
Mozart Dds Next 2000 Firmware
Subscribe
Mozart Dds Next 30
Subscribe
Mozart Dds Next 300
Subscribe
Mozart Dds Next 3000
Subscribe
Mozart Dds Next 3000 Firmware
Subscribe
Mozart Dds Next 300 Firmware
Subscribe
Mozart Dds Next 30 Firmware
Subscribe
Mozart Dds Next 3500
Subscribe
Mozart Dds Next 3500 Firmware
Subscribe
Mozart Dds Next 50
Subscribe
Mozart Dds Next 500
Subscribe
Mozart Dds Next 500 Firmware
Subscribe
Mozart Dds Next 50 Firmware
Subscribe
Mozart Dds Next 6000
Subscribe
Mozart Dds Next 6000 Firmware
Subscribe
Mozart Dds Next 7000
Subscribe
Mozart Dds Next 7000 Firmware
Subscribe
Mozart Fm Transmitter
Subscribe
Mozart Next 100
Subscribe
Mozart Next 1000
Subscribe
Mozart Next 1000 Firmware
Subscribe
Mozart Next 100 Firmware
Subscribe
Mozart Next 2000
Subscribe
Mozart Next 2000 Firmware
Subscribe
Mozart Next 30
Subscribe
Mozart Next 300
Subscribe
Mozart Next 3000
Subscribe
Mozart Next 3000 Firmware
Subscribe
Mozart Next 300 Firmware
Subscribe
Mozart Next 30 Firmware
Subscribe
Mozart Next 3500
Subscribe
Mozart Next 3500 Firmware
Subscribe
Mozart Next 50
Subscribe
Mozart Next 500
Subscribe
Mozart Next 500 Firmware
Subscribe
Mozart Next 50 Firmware
Subscribe
Mozart Next 6000
Subscribe
Mozart Next 6000 Firmware
Subscribe
Mozart Next 7000
Subscribe
Mozart Next 7000 Firmware
Subscribe
MITRE
Status: PUBLISHED
Assigner: Gridware
Published:
Updated: 2025-11-26T15:06:21.454Z
Reserved: 2025-11-26T00:21:58.504Z
Link: CVE-2025-66260
Vulnrichment
Updated: 2025-11-26T15:06:02.989Z
NVD
Status : Analyzed
Published: 2025-11-26T01:16:09.440
Modified: 2025-12-03T16:51:12.470
Link: CVE-2025-66260
Redhat
No data.
OpenCVE Enrichment
Updated: 2025-11-27T09:45:50Z
Weaknesses