| Titolo | Dst-admin 1.5.0 background kickPlayer interface remote command execution |
|---|
| Descrizione | dst-admin Supported features
1. Support one-button start and stop ground and cave services
2. Support server resource monitoring
3. Support famine room settings and world and MOD settings
4. Support archive management, archive recovery and automatic backup
5. Support automatic update of the game when no one is on duty
6. Support the setting of additional administrator or player blacklist
7. Support famine operation log view
8. Support uploading local archives
9. Support remote console, which can kick people, roll back and reset the world in the management background
An issue was discovered in dst-admin v1.5.0. The product has an background kickPlayer interface remote command execution that can expose sensitive information.
Vulnerability address:http://x.x.x.x:8080/ |
|---|
| Fonte | ⚠️ https://github.com/Ha0Liu/cveAdd/blob/developer/dst-admin%201.5.0后台kickPlayer接口远程命令执行/Dst-admin%201.5.0%20background%20kickPlayer%20interface%20remote%20command%20execution.md |
|---|
| Utente | yanfei.chen (UID 39837) |
|---|
| Sottomissione | 30/01/2023 03:06 (3 anni fa) |
|---|
| Moderazione | 02/02/2023 14:27 (3 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 220034 [dst-admin 1.5.0 /home/kickPlayer userId escalationi di privilegi] |
|---|
| Punti | 20 |
|---|