CVE-2023-6886: Improper Control of Generation of Code ('Code Injection')

December 17, 2023 (updated December 21, 2023)

A vulnerability was found in xnx3 wangmarket 6.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Role Management Page. The manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248246 is the identifier assigned to this vulnerability.

References

github.com/advisories/GHSA-3x3w-849q-423v
github.com/xnx3/wangmarket/issues/8
nvd.nist.gov/vuln/detail/CVE-2023-6886
vuldb.com/?ctiid.248246
vuldb.com/?id.248246

Code Behaviors & Features

Detect and mitigate CVE-2023-6886 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →