| Title | Dst-admin 1.5.0 background masterConsole interface remote command execution |
|---|
| Description | dst-admin Supported features
1. Support one-button start and stop ground and cave services
2. Support server resource monitoring
3. Support famine room settings and world and MOD settings
4. Support archive management, archive recovery and automatic backup
5. Support automatic update of the game when no one is on duty
6. Support the setting of additional administrator or player blacklist
7. Support famine operation log view
8. Support uploading local archives
9. Support remote console, which can kick people, roll back and reset the world in the management background
An issue was discovered in dst-admin v1.5.0. The product has an background masterConsole interface remote command execution that can expose sensitive information.
Vulnerability address:http://x.x.x.x:8080/ |
|---|
| Source | ⚠️ https://github.com/Ha0Liu/cveAdd/blob/developer/dst-admin%201.5.0后台masterConsole接口远程命令执行/Dst-admin%201.5.0%20background%20masterConsole%20interface%20remote%20command%20execution.md |
|---|
| User | yanfei.chen (UID 39837) |
|---|
| Submission | 2023年01月30日 03:07 (2 年 ago) |
|---|
| Moderation | 2023年02月02日 14:29 (3 days later) |
|---|
| Status | 承諾済み |
|---|
| VulDB Entry | 220035 [dst-admin 1.5.0 /home/masterConsole command privilege escalation] |
|---|
| Points | 20 |
|---|