Submission #754510: dst-admin dst-admin <= 1.5.0 Improper Input Validation (Information)

Title: dst-admin dst-admin <= 1.5.0 Improper Input Validation
Description: An arbitrary file deletion vulnerability exists in dst-admin <= 1.5.0. The BackupController.deleteBackup() endpoint accepts a user-controlled array of file names and passes them directly to BackupService.deleteBackup() without proper validation. The vulnerability allows authenticated attackers to delete critical system files, application configuration files, or any files accessible to the application user.
Source: https://fx4tqqfvdw4.feishu.cn/docx/YKwydLrdno51JtxJksmcWSfbnvd?from=from_copylink
User: xcxr (UID 86629)
Submitted: 2026-02-09 07:43 (4 months ago)
Moderated: 2026-02-22 08:14 (13 days later)
Status: Accepted
VulDB entry: 347324 [qinming99 dst-admin up to 1.5.0 File BackupController.java deleteBackup denial of service]
Points: 20
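
The missing validation named in the description can be sketched as a containment check applied to each file name before deletion. This is an added example, not dst-admin's code or the project's fix: the class BackupDeleteGuard, its methods and the sample file names are hypothetical, and it assumes backups are regular files stored directly in one backup directory.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class BackupDeleteGuard {
    // Resolve one client-supplied name to a regular file directly inside backupDir, or throw.
    static Path resolveInside(Path backupDir, String name) throws IOException {
        if (name == null || name.isEmpty() || name.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("empty or malformed file name");
        }
        Path base = backupDir.toRealPath();               // canonical base directory
        Path candidate = base.resolve(name).normalize();  // collapses "." and ".." segments
        // An absolute name replaces the base in resolve(), and "../" climbs out of it;
        // in both cases the parent is no longer the backup directory.
        if (!base.equals(candidate.getParent())) {
            throw new IllegalArgumentException("outside backup directory: " + name);
        }
        // Only existing regular files qualify; directories and symlinks are refused.
        if (!Files.isRegularFile(candidate, LinkOption.NOFOLLOW_LINKS)) {
            throw new IllegalArgumentException("not a regular backup file: " + name);
        }
        return candidate;
    }

    // Delete the names that pass validation and return the ones that were refused.
    static List<String> deleteBackups(Path backupDir, List<String> names) {
        List<String> rejected = new ArrayList<>();
        for (String name : names) {
            try {
                Files.delete(resolveInside(backupDir, name));
            } catch (IllegalArgumentException | IOException e) {
                rejected.add(name);
            }
        }
        return rejected;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: one backup file, plus a config file outside the backup directory.
        Path root = Files.createTempDirectory("dst-demo");
        Path backupDir = Files.createDirectory(root.resolve("backup"));
        Files.createFile(backupDir.resolve("world1.zip"));
        Path config = Files.createFile(root.resolve("application.yml"));
        List<String> request = Arrays.asList("world1.zip", "../application.yml", config.toString());
        System.out.println("rejected: " + deleteBackups(backupDir, request));
        System.out.println("config still present: " + Files.exists(config));
    }
}
```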
