| タイトル | Dst-admin 1.5.0 background kickPlayer interface remote command execution |
|---|
| 説明 | dst-admin Supported features
1. Support one-button start and stop ground and cave services
2. Support server resource monitoring
3. Support famine room settings and world and MOD settings
4. Support archive management, archive recovery and automatic backup
5. Support automatic update of the game when no one is on duty
6. Support the setting of additional administrator or player blacklist
7. Support famine operation log view
8. Support uploading local archives
9. Support remote console, which can kick people, roll back and reset the world in the management background
An issue was discovered in dst-admin v1.5.0. The product has an background kickPlayer interface remote command execution that can expose sensitive information.
Vulnerability address:http://x.x.x.x:8080/ |
|---|
| ソース | ⚠️ https://github.com/Ha0Liu/cveAdd/blob/developer/dst-admin%201.5.0后台kickPlayer接口远程命令执行/Dst-admin%201.5.0%20background%20kickPlayer%20interface%20remote%20command%20execution.md |
|---|
| ユーザー | yanfei.chen (UID 39837) |
|---|
| 送信 | 2023年01月30日 03:06 (3 年 ago) |
|---|
| モデレーション | 2023年02月02日 14:27 (3 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 220034 [dst-admin 1.5.0 /home/kickPlayer userId 特権昇格] |
|---|
| ポイント | 20 |
|---|