qinming99 dst-admin Command Injection Vulnerability in revertBackup Function

Vulnerability

A command injection vulnerability has been identified in qinming99 dst-admin versions through 1.5.0. The issue arises in the revertBackup function within the file /home/restore, where user-controlled input is improperly sanitized, allowing attackers to inject arbitrary shell commands. This vulnerability can be exploited remotely, with public proof-of-concept exploits available.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the server, potentially leading to a complete server compromise.

Added: Feb 22, 2026, 10:18 PM

Updated: Feb 22, 2026, 10:18 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

6.0

remediation

0.0

relevance

3.1

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

6.0

remediation

0.0

relevance

3.1

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

qinming99 dst-admin Command Injection Vulnerability in revertBackup Function

Vulnerability

Impact

Affected Products

qinming99 dst-admin

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating