8 matches found
CVE-2023-0646
CVE-2023-0646 affects dst-admin 1.5.0. The vulnerability arises from unknown functionality in the file /home/cavesConsole, where manipulation of the command argument enables remote command injection. Exploitation has been publicly disclosed. Multiple connected sources identify this as a remote-...
CVE-2023-0649
CVE-2023-0649 affects dst-admin 1.5.0, with a flaw in the /home/sendBroadcast code path where manipulating the message parameter enables remote command injection. Multiple sources confirm a critical issue with remote exploit capability and public disclosure. The underlying impact is command execu...
CVE-2023-0647
CVE-2023-0647 affects dst-admin 1.5.0. The vulnerability resides in an unknown function targeting the file /home/kickPlayer, where manipulating the argument userId leads to a remote command injection. The exploit has been disclosed publicly. Multiple sources corroborate a remote attack scenario w...
CVE-2023-0648
CVE-2023-0648 affects dst-admin 1.5.0, with a command injection in the /home/masterConsole area caused by manipulation of the command argument. It can be exploited remotely and the exploit has been publicly disclosed. Some connected sources note a workaround (restrict access to the command argume...
CVE-2023-43270
CVE-2023-43270 concerns the web app dst-admin v1.5.0, where a Remote Command Execution (RCE) flaw is triggered by the userId parameter at the /home/playerOperate endpoint. The vulnerability is described across multiple sources as an RCE in dst-admin v1.5.0 with a CVSSv3.1 base score of 9.8 (CRITI...
CVE-2021-44586
CVE-2021-44586 concerns dst-admin v1.3.0, where an unauthorized arbitrary file download vulnerability can expose sensitive information. According to NVD, the issue has a Network attack vector with low complexity and no authentication required, exposing partial confidentiality (C:P) and no integri...
CVE-2026-2956
CVE-2026-2956 affects qinming99 dst-admin up to 1.5.0. The issue is a command injection in the revertBackup function located in /home/restore, triggered by manipulating the Name argument. It supports remote attacker access and has publicly available exploit code. Public advisories indicate versio...
CVE-2026-2957
In qinming99 dst-admin up to v1.5.0, the deleteBackup function in BackupController.java (File Handler component) is vulnerable to a remote Denial of Service. Public exploit details exist (PT-2026-21468), and upgrading to v1.5.1 is recommended; as a workaround, restrict access to deleteBackup unti...