Dst Admin
Monthly
The deleteBackup function in Dst Admin up to version 1.5.0 contains an improper resource handling flaw that permits authenticated remote attackers to trigger denial of service conditions. Public exploit code is available for this vulnerability, and the vendor has not provided a patch despite early notification. The attack requires valid credentials but no user interaction, making it actionable in environments where access controls are weak.
Unauthenticated remote attackers can execute arbitrary commands on dst-admin versions up to 1.5.0 by manipulating the Name parameter in the revertBackup function at /home/restore endpoint. Public exploit code is available for this vulnerability, and the vendor has not provided a patch despite early notification.
The deleteBackup function in Dst Admin up to version 1.5.0 contains an improper resource handling flaw that permits authenticated remote attackers to trigger denial of service conditions. Public exploit code is available for this vulnerability, and the vendor has not provided a patch despite early notification. The attack requires valid credentials but no user interaction, making it actionable in environments where access controls are weak.
Unauthenticated remote attackers can execute arbitrary commands on dst-admin versions up to 1.5.0 by manipulating the Name parameter in the revertBackup function at /home/restore endpoint. Public exploit code is available for this vulnerability, and the vendor has not provided a patch despite early notification.