A vulnerability, which was classified as critical, has been found in rmountjoy92 DashMachine 0.5-4. Affected by this issue is some unknown functionality of the file /settings/delete_file. The manipulation of the argument file leads to path traversal: ‘../filedir’.

This vulnerability is handled as CVE-2023-6900. The attack needs to be done within the local network. Furthermore, there is an exploit available.