| Titel | dst-admin dst-admin <= 1.5.0 Improper Input Validation |
|---|
| Beschreibung | An arbitrary file deletion vulnerability exists in dst-admin <= 1.5.0. The BackupController.deleteBackup() endpoint accepts a user-controlled array of file names and passes them directly to BackupService.deleteBackup() without proper validation. The vulnerability allows authenticated attackers to delete critical system files, application configuration files, or any files accessible to the application user. |
|---|
| Quelle | ⚠️ https://fx4tqqfvdw4.feishu.cn/docx/YKwydLrdno51JtxJksmcWSfbnvd?from=from_copylink |
|---|
| Benutzer | xcxr (UID 86629) |
|---|
| Einreichung | 09.02.2026 07:43 (vor 3 Monaten) |
|---|
| Moderieren | 22.02.2026 08:14 (13 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 347324 [qinming99 dst-admin bis 1.5.0 File BackupController.java deleteBackup Denial of Service] |
|---|
| Punkte | 20 |
|---|