Submit #754510: dst-admin dst-admin <= 1.5.0 Improper Input Validation

Info

Title: dst-admin dst-admin <= 1.5.0 Improper Input Validation
Description: An arbitrary file deletion vulnerability exists in dst-admin <= 1.5.0. The BackupController.deleteBackup() endpoint accepts a user-controlled array of file names and passes them directly to BackupService.deleteBackup() without proper validation. The vulnerability allows authenticated attackers to delete critical system files, application configuration files, or any files accessible to the application user.
Source: ⚠️ https://fx4tqqfvdw4.feishu.cn/docx/YKwydLrdno51JtxJksmcWSfbnvd?from=from_copylink
User: xcxr (UID 86629)
Submission: 09.02.2026 07:43 (4 months ago)
Moderation: 22.02.2026 08:14 (13 days later)
Status: accepted
VulDB entry: 347324 [qinming99 dst-admin up to 1.5.0 File BackupController.java deleteBackup denial of service]
Points: 20