CVE-2023-6899

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-6899
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6899.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-6899
Published
2023-12-17T13:15:42.910Z
Modified
2026-03-14T12:23:38.769218Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability classified as problematic was found in rmountjoy92 DashMachine 0.5-4. Affected by this vulnerability is an unknown functionality of the file /settings/saveconfig of the component Config Handler. The manipulation of the argument valuetemplate leads to code injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248257 was assigned to this vulnerability.

References

Affected packages

Git / github.com/rmountjoy92/dashmachine

Affected ranges

Type
GIT
Repo
https://github.com/rmountjoy92/dashmachine
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
63b7864ca5bca96de16598ef5865ec75c1240720
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.5-4"
        }
    ]
}

Affected versions

v0.*
v0.5-4

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6899.json"