| عنوان | Dst-admin 1.5.0 background sendBroadcast interface remote command execution |
|---|
| الوصف | dst-admin Supported features
1. Support one-button start and stop ground and cave services
2. Support server resource monitoring
3. Support famine room settings and world and MOD settings
4. Support archive management, archive recovery and automatic backup
5. Support automatic update of the game when no one is on duty
6. Support the setting of additional administrator or player blacklist
7. Support famine operation log view
8. Support uploading local archives
9. Support remote console, which can kick people, roll back and reset the world in the management background
An issue was discovered in dst-admin v1.5.0. The product has an background sendBroadcast interface remote command execution that can expose sensitive information.
Vulnerability address:http://x.x.x.x:8080/ |
|---|
| المصدر | ⚠️ https://github.com/Ha0Liu/cveAdd/blob/developer/dst-admin%201.5.0后台sendBroadcast接口远程命令执行/Dst-admin%201.5.0%20background%20sendBroadcast%20interface%20remote%20command%20execution.md |
|---|
| المستخدم | yanfei.chen (UID 39837) |
|---|
| ارسال | 30/01/2023 03:08 AM (3 سنوات منذ) |
|---|
| الاعتدال | 02/02/2023 02:33 PM (3 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 220036 [dst-admin 1.5.0 /home/sendBroadcast رسالة تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|