CVE-2023-6899

Sažetak

A vulnerability classified as problematic was found in rmountjoy92 DashMachine 0.5-4. Affected by this vulnerability is an unknown functionality of the file /settings/save_config of the component Config Handler. The manipulation of the argument value_template leads to code injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248257 was assigned to this vulnerability.

Reference

https://treasure-blarney-085.notion.site/DashMachine-Unauthorized-RCE-931a35a81af9448ebe9fb4cd904d4a0c
https://vuldb.com/?ctiid.248257
https://vuldb.com/?id.248257

CVSS

Base:	4.7
Impact:	6.4
Exploitability:	4.1

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	LOW	MULTIPLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:A/AC:L/Au:M/C:P/I:P/A:P

Zadnje važnije ažuriranje

20-12-2023 - 20:29

Objavljeno

17-12-2023 - 13:15