CVE-2023-43270
https://notcve.org/view.php?id=CVE-2023-43270
dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate. Se descubrió que dst-admin v1.5.0 contiene una vulnerabilidad de ejecución remota de comandos (RCE) a través del parámetro userId en /home/playerOperate. • https://github.com/Libestor/someCVE/tree/main/dst-admin-RCE • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-0649 – dst-admin sendBroadcast command injection
https://notcve.org/view.php?id=CVE-2023-0649
A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Ha0Liu/cveAdd/tree/developer/dst-admin%201.5.0%E5%90%8E%E5%8F%B0sendBroadcast%E6%8E%A5%E5%8F%A3%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C https://vuldb.com/?ctiid.220036 https://vuldb.com/?id.220036 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-0648 – dst-admin masterConsole command injection
https://notcve.org/view.php?id=CVE-2023-0648
A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Ha0Liu/cveAdd/tree/developer/dst-admin%201.5.0%E5%90%8E%E5%8F%B0masterConsole%E6%8E%A5%E5%8F%A3%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C https://vuldb.com/?ctiid.220035 https://vuldb.com/?id.220035 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-0647 – dst-admin kickPlayer command injection
https://notcve.org/view.php?id=CVE-2023-0647
A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Ha0Liu/cveAdd/blob/developer/dst-admin%201.5.0%E5%90%8E%E5%8F%B0kickPlayer%E6%8E%A5%E5%8F%A3%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C/Dst-admin%201.5.0%20background%20kickPlayer%20interface%20remote%20command%20execution.md https://vuldb.com/?ctiid.220034 https://vuldb.com/?id.220034 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2023-0646 – dst-admin cavesConsole command injection
https://notcve.org/view.php?id=CVE-2023-0646
A vulnerability classified as critical was found in dst-admin 1.5.0. Affected by this vulnerability is an unknown functionality of the file /home/cavesConsole. The manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Ha0Liu/cveAdd/tree/developer/dst-admin%201.5.0%E5%90%8E%E5%8F%B0cavesConsole%E6%8E%A5%E5%8F%A3%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C https://vuldb.com/?ctiid.220033 https://vuldb.com/?id.220033 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •