CVE-2023-6899

Published: Dec 17, 2023Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability classified as problematic was found in rmountjoy92 DashMachine 0.5-4. Affected by this vulnerability is an unknown functionality of the file /settings/save_config of the component Config Handler. The manipulation of the argument value_template leads to code injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248257 was assigned to this vulnerability.

Affected (1)

Products: Rmountjoy92: Dashmachine

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Rmountjoy92 Dashmachine	Version 0.5-4

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (6)

https://treasure-blarney-085.notion.site/DashMachine-Unauthorized-RCE-931a35a81af9448ebe9fb4cd904d4a0c

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.248257

Source: cna@vuldb.com

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.248257

Source: cna@vuldb.com

Third Party Advisory

https://treasure-blarney-085.notion.site/DashMachine-Unauthorized-RCE-931a35a81af9448ebe9fb4cd904d4a0c

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://vuldb.com/?ctiid.248257

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.248257

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.