CVE-2023-6899

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-6899

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6899.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-6899

Published

2023-12-17T13:15:42Z

Modified

2025-01-14T12:08:50.879901Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability classified as problematic was found in rmountjoy92 DashMachine 0.5-4. Affected by this vulnerability is an unknown functionality of the file /settings/saveconfig of the component Config Handler. The manipulation of the argument valuetemplate leads to code injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248257 was assigned to this vulnerability.

References

Affected packages

Git / github.com/rmountjoy92/dashmachine

Affected ranges

Type: GIT
Repo: https://github.com/rmountjoy92/dashmachine
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

63b7864ca5bca96de16598ef5865ec75c1240720

Affected versions

v0.*

v0.5-4