| Название | Dst-admin 1.5.0 background masterConsole interface remote command execution |
|---|
| Описание | dst-admin Supported features
1. Support one-button start and stop ground and cave services
2. Support server resource monitoring
3. Support famine room settings and world and MOD settings
4. Support archive management, archive recovery and automatic backup
5. Support automatic update of the game when no one is on duty
6. Support the setting of additional administrator or player blacklist
7. Support famine operation log view
8. Support uploading local archives
9. Support remote console, which can kick people, roll back and reset the world in the management background
An issue was discovered in dst-admin v1.5.0. The product has an background masterConsole interface remote command execution that can expose sensitive information.
Vulnerability address:http://x.x.x.x:8080/ |
|---|
| Источник | ⚠️ https://github.com/Ha0Liu/cveAdd/blob/developer/dst-admin%201.5.0后台masterConsole接口远程命令执行/Dst-admin%201.5.0%20background%20masterConsole%20interface%20remote%20command%20execution.md |
|---|
| Пользователь | yanfei.chen (UID 39837) |
|---|
| Представление | 30.01.2023 03:07 (3 лет назад) |
|---|
| Модерация | 02.02.2023 14:29 (3 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 220035 [dst-admin 1.5.0 /home/masterConsole command эскалация привилегий] |
|---|
| Баллы | 20 |
|---|