DashMachine Code Injection Vulnerability

DashMachine is a web application bookmarking dashboard by Ross Mountjoy Individual Developer. A code injection vulnerability exists in DashMachine version 0.5-4, where the parameter valuetemplate in the source file /settings/saveconfig can lead to code injection...

PT-2023-32808 · Rmountjoy92 · Dashmachine

Name of the Vulnerable Software and Affected Versions: rmountjoy92 DashMachine versions 0.5-4 Description: A problematic issue was found in the Config Handler component, specifically in the /settings/save config file. The manipulation of the value template argument leads to code injection. The...