PT-2026-21467 · Qinming99 · Dst-Admin

Xcxr · Published 2026-02-22 · Updated 2026-02-25 · CVE-2026-2956

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

qinming99 dst-admin versions up to 1.5.0

Description

A security flaw exists in qinming99 dst-admin up to version 1.5.0. The issue is related to command injection in the revertBackup function located in the /home/restore file. The Name argument can be manipulated to trigger this flaw. This allows for remote attacks. The exploit has been publicly released. The vendor was notified but did not respond.

Recommendations

Versions prior to 1.5.0 are affected. As a temporary workaround, consider restricting access to the /home/restore file to minimize the risk of exploitation. Avoid using the Name argument in the revertBackup function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Special Elements Injection

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2026-2956

Affected Products

Dst-Admin