qinming99 dst-admin Denial-of-Service Vulnerability in Backup Controller Function

Vulnerability

A denial-of-service vulnerability has been identified in qinming99 dst-admin versions through 1.5.0. The issue arises in the BackupController's deleteBackup function, where user-controlled input is not properly validated before being processed. This vulnerability allows authenticated attackers to disrupt service by exploiting the flawed input handling.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing a disruption in the application's normal functioning.

Reproduction

To reproduce this vulnerability, an authenticated user can send a POST request to the /backup/deleteBackup endpoint. The request must include a JSON array of file paths to be deleted. Since the input is not properly validated, this can be used to delete arbitrary files accessible to the application user.
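One way to constrain a delete handler like the one described above, shown as an added example and not as dst-admin's own code or fix. The class name, method name, sample file names and the temporary backup directory are assumptions made for illustration; Java is used because dst-admin is a Java application.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.*;
// Added example, not dst-admin code: class, method and directory names are assumptions.
public class SafeBackupDelete {
    /** Deletes only regular files located directly inside backupDir; returns the names deleted. */
    static List<String> deleteBackups(Path backupDir, List<String> names) throws IOException {
        Path base = backupDir.toRealPath();   // canonical form of the one allowed directory
        List<Path> targets = new ArrayList<>();
        // Validate the whole batch first, so one bad entry rejects the request before any delete.
        for (String name : names) {
            if (name == null || name.isEmpty() || name.indexOf('\0') >= 0) {
                throw new IllegalArgumentException("empty or malformed file name");
            }
            // resolve() returns an absolute argument unchanged and normalize() collapses "..",
            // so absolute paths, traversal and subdirectories all fail the parent check.
            Path candidate = base.resolve(name).normalize();
            if (!base.equals(candidate.getParent())) {
                throw new IllegalArgumentException("outside backup directory: " + name);
            }
            // Refuse symlinks and directories; only plain backup archives may be removed.
            if (!Files.isRegularFile(candidate, LinkOption.NOFOLLOW_LINKS)) {
                throw new IllegalArgumentException("not a regular backup file: " + name);
            }
            targets.add(candidate);
        }
        List<String> deleted = new ArrayList<>();
        for (Path target : targets) {
            Files.delete(target);
            deleted.add(target.getFileName().toString());
        }
        return deleted;
    }
    public static void main(String[] args) throws IOException {
        // Constructed sample data: a temporary backup directory with one archive in it.
        Path dir = Files.createTempDirectory("backup-demo");
        Files.createFile(dir.resolve("world1.zip"));
        Path outside = Files.createTempFile("outside", ".txt");
        System.out.println("deleted: " + deleteBackups(dir, Arrays.asList("world1.zip")));
        for (String bad : Arrays.asList("../" + outside.getFileName(), outside.toString(), "a/b.zip")) {
            try {
                deleteBackups(dir, Arrays.asList(bad));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
        System.out.println("outside file still present: " + Files.exists(outside));
    }
}
```

The validation and the delete are not atomic, so the backup directory should be writable only by the application's own account.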

Added: Feb 22, 2026, 11:18 PM
Updated: Feb 22, 2026, 11:18 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 4.0
remediation: 0.0
relevance: 3.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.