Submit #754510: dst-admin dst-admin <= 1.5.0 Improper Input Validation

Title: dst-admin dst-admin <= 1.5.0 Improper Input Validation
Description: An arbitrary file deletion vulnerability exists in dst-admin <= 1.5.0. The BackupController.deleteBackup() endpoint accepts a user-controlled array of file names and passes them directly to BackupService.deleteBackup() without proper validation. The vulnerability allows authenticated attackers to delete critical system files, application configuration files, or any files accessible to the application user.
Source: ⚠️ https://fx4tqqfvdw4.feishu.cn/docx/YKwydLrdno51JtxJksmcWSfbnvd?from=from_copylink
User: xcxr (UID 86629)
Submission: 2026-02-09 07:43 (4 months ago)
Moderation: 2026-02-22 08:14 (13 days later)
Status: Accepted
VulDB entry: 347324 [qinming99 dst-admin up to 1.5.0 File BackupController.java deleteBackup denial of service]
Points: 20
