MidnightBSD

Advisories for rmountjoy92

CVE-2023-6899 MEDIUM

A vulnerability classified as problematic was found in rmountjoy92 DashMachine 0.5-4. Affected by this vulnerability is an unknown functionality of the file /settings/save_config of the component Config Handler. The manipulation of the argument value_template leads to code injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248257 was assigned to this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
cna@vuldb.com 4.3 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 0.9 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
rmountjoy92 dashmachine 0.5-4
CVE-2023-6900 MEDIUM

A vulnerability, which was classified as critical, has been found in rmountjoy92 DashMachine 0.5-4. Affected by this issue is some unknown functionality of the file /settings/delete_file. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-248258 is the identifier assigned to this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2
cna@vuldb.com 4.6 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L 2.1 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-24,CWE-22,

Products Affected

Vendor Product Version
rmountjoy92 dashmachine 0.5-4