CVE-2023-6899

Source
https://cve.org/CVERecord?id=CVE-2023-6899
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6899.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-6899
Published
2023-12-17T12:31:04.408Z
Modified
2026-07-15T01:48:59.246358417Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
rmountjoy92 DashMachine Config save_config code injection
Details

A vulnerability classified as problematic was found in rmountjoy92 DashMachine 0.5-4. Affected by this vulnerability is an unknown functionality of the file /settings/saveconfig of the component Config Handler. The manipulation of the argument valuetemplate leads to code injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248257 was assigned to this vulnerability.

Database specific
{
    "cwe_ids": [
        "CWE-94"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/6xxx/CVE-2023-6899.json",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "0.5-4"
                },
                {
                    "last_affected": "0.5-4"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/rmountjoy92/dashmachine

Affected ranges

Type
GIT
Repo
https://github.com/rmountjoy92/dashmachine
Events
Database specific
{
    "cpe": "cpe:2.3:a:rmountjoy92:dashmachine:0.5-4:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0.5-4"
        },
        {
            "last_affected": "0.5-4"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

0.*
0.5-4
v0.*
v0.5-4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6899.json"