Submission #754510: dst-admin dst-admin <= 1.5.0 Improper Input Validation

Title: dst-admin dst-admin <= 1.5.0 Improper Input Validation
Description: An arbitrary file deletion vulnerability exists in dst-admin <= 1.5.0. The BackupController.deleteBackup() endpoint accepts a user-controlled array of file names and passes them directly to BackupService.deleteBackup() without proper validation. The vulnerability allows authenticated attackers to delete critical system files, application configuration files, or any files accessible to the application user.
Source: https://fx4tqqfvdw4.feishu.cn/docx/YKwydLrdno51JtxJksmcWSfbnvd?from=from_copylink
User: xcxr (UID 86629)
Submitted: 2026-02-09 07:43 AM (4 months ago)
Moderation: 2026-02-22 08:14 AM (13 days later)
Status: Accepted
VulDB entry: 347324 [qinming99 dst-admin up to 1.5.0 File BackupController.java deleteBackup denial of service]
Points: 20
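
The validation the description says is missing, sketched as an added example: this is not dst-admin source code and not the project's fix. It assumes the service joins each submitted name to a single backup directory; the class, method names and sample files are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;

// Added example, not dst-admin source. All names here are hypothetical.
public class SafeBackupDelete {
    // Map one client-supplied name to a file directly inside root, or throw.
    static Path resolveInside(Path root, String name) throws IOException {
        if (name == null || name.isEmpty() || name.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("empty or malformed name");
        }
        Path rootReal = root.toRealPath();                  // canonical backup directory
        Path candidate = rootReal.resolve(name).normalize();
        // A plain file name is a direct child of root; absolute paths, ".." and sub-directories are not.
        if (!rootReal.equals(candidate.getParent())) {
            throw new IllegalArgumentException("outside backup directory: " + name);
        }
        // Backups are expected to be regular files, so a symbolic link is refused.
        if (Files.isSymbolicLink(candidate)) {
            throw new IllegalArgumentException("symbolic link: " + name);
        }
        return candidate;
    }

    // Validate every name before deleting anything, so one bad entry aborts the batch.
    static List<String> deleteBackups(Path root, List<String> names) throws IOException {
        List<Path> targets = new ArrayList<>();
        for (String n : names) targets.add(resolveInside(root, n));
        List<String> deleted = new ArrayList<>();
        for (Path p : targets) {
            if (Files.deleteIfExists(p)) deleted.add(p.getFileName().toString());
        }
        return deleted;
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("backup-demo");      // constructed sample data
        Files.createFile(root.resolve("world1.zip"));
        Path outside = Files.createTempFile("not-a-backup", ".txt");
        System.out.println("deleted: " + deleteBackups(root, List.of("world1.zip")));
        for (String bad : List.of("../" + outside.getFileName(), outside.toString(), "a/b.zip")) {
            try { deleteBackups(root, List.of("world1.zip", bad)); }
            catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
        }
        System.out.println("outside file intact: " + Files.exists(outside));
    }
}
```

Comparing the normalized candidate's parent with the canonical root covers every rejected case in one check, and validating the whole array first avoids a partially applied delete request.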
