| عنوان | dst-admin dst-admin <= 1.5.0 Improper Input Validation |
|---|
| الوصف | An arbitrary file deletion vulnerability exists in dst-admin <= 1.5.0. The BackupController.deleteBackup() endpoint accepts a user-controlled array of file names and passes them directly to BackupService.deleteBackup() without proper validation. The vulnerability allows authenticated attackers to delete critical system files, application configuration files, or any files accessible to the application user. |
|---|
| المصدر | ⚠️ https://fx4tqqfvdw4.feishu.cn/docx/YKwydLrdno51JtxJksmcWSfbnvd?from=from_copylink |
|---|
| المستخدم | xcxr (UID 86629) |
|---|
| ارسال | 09/02/2026 07:43 AM (3 أشهر منذ) |
|---|
| الاعتدال | 22/02/2026 08:14 AM (13 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 347324 [qinming99 dst-admin حتى 1.5.0 File BackupController.java deleteBackup الحرمان من الخدمة] |
|---|
| النقاط | 20 |
|---|