Vulnerabilities > CVE-2023-6899 - Unspecified vulnerability in Rmountjoy92 Dashmachine 0.54

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

rmountjoy92

critical

NVD

Published: 2023-12-17

Updated: 2024-11-21

Summary

A vulnerability classified as problematic was found in rmountjoy92 DashMachine 0.5-4. Affected by this vulnerability is an unknown functionality of the file /settings/save_config of the component Config Handler. The manipulation of the argument value_template leads to code injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248257 was assigned to this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Rmountjoy92 Rmountjoy92 Dashmachine 0.5-4	1

References

https://treasure-blarney-085.notion.site/DashMachine-Unauthorized-RCE-931a35a81af9448ebe9fb4cd904d4a0c
https://treasure-blarney-085.notion.site/DashMachine-Unauthorized-RCE-931a35a81af9448ebe9fb4cd904d4a0c
https://vuldb.com/?ctiid.248257
https://vuldb.com/?ctiid.248257
https://vuldb.com/?id.248257
https://vuldb.com/?id.248257