{"id":"CVE-2023-6309","summary":"moses-smt mosesdecoder trans_result.php os command injection","details":"A vulnerability, which was classified as critical, was found in moses-smt mosesdecoder up to 4.0. This affects an unknown part of the file contrib/iSenWeb/trans_result.php. The manipulation of the argument input1 leads to os command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246135.","modified":"2026-07-11T04:41:39.404869Z","published":"2023-11-27T01:31:05.012Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/6xxx/CVE-2023-6309.json","cna_assigner":"VulDB","cwe_ids":["CWE-78"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/6xxx/CVE-2023-6309.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6309"},{"type":"ADVISORY","url":"https://vuldb.com/?id.246135"},{"type":"REPORT","url":"https://github.com/moses-smt/mosesdecoder/issues/237"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.246135"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/moses-smt/mosesdecoder","events":[{"introduced":"65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8"},{"fixed":"65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8"}],"database_specific":{"cpe":"cpe:2.3:a:moses-smt:mosesdecoder:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"4.0"},{"last_affected":"4.0"},{"introduced":"0"},{"fixed":"4.0"}],"source":["AFFECTED_FIELD","CPE_RANGE"]}}],"versions":["4.0"],"database_specific":{"vanir_signatures_modified":"2026-07-11T04:41:39Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6309.json","vanir_signatures":[{"target":{"file":"moses2/PhraseBased/Manager.cpp"},"source":"https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["287799047509587991674869595905362083999","194014147465151276086725446532518972482","54556868642469713685637384158847552438","305293933092946706212455641990429689917","164938762843142924974016788741402971396","327145125206464237521372156096953221977","234773954176797209531456115597982703158"]},"deprecated":false,"signature_type":"Line","id":"CVE-2023-6309-0ae1002e"},{"target":{"file":"moses2/legacy/Bitmaps.h"},"source":"https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["207172663435752969340917940283201476354","197241871430959707446725766341289685438"]},"deprecated":false,"signature_type":"Line","id":"CVE-2023-6309-21d2daea"},{"target":{"file":"moses2/Main.cpp"},"source":"https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["77015291220887071739383473423043162250","4791519720846525949517920688764110876","8110439303748515608239307500976140318","116055660889892962530777476981821538082"]},"deprecated":false,"signature_type":"Line","id":"CVE-2023-6309-29023eb6"},{"target":{"file":"moses2/FF/StatelessFeatureFunction.h"},"source":"https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["6106077494158834408191727108293064896","37367592069878887743139942173560473656"]},"deprecated":false,"signature_type":"Line","id":"CVE-2023-6309-2938d389"},{"target":{"file":"moses2/defer/CubePruningCardinalStack/Stack.h"},"source":"https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["163154644638348233158395153374325907810","107191173141483463899007190751372325432","77534081765974908153959284095222812456","69340196871160383827602960232189243965","283826973313577643352788803864976472879","7757581711386589369271224138387330704","104941240749221153233647790800432302117"]},"deprecated":false,"signature_type":"Line","id":"CVE-2023-6309-34166ffb"},{"target":{"file":"moses2/defer/CubePruningBitmapStack/Misc.h"},"source":"https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["235911648813310825851127682912219700901","241805756202622770009768560353220183352","190857528106358254107234541323657527413","185196893019859075809214484981778396367","300861718470050016832035136251634166699","139548751621167405315622285218600146942","126894741173841347561463312460864546154","63697558579940042639977239828372600886"]},"deprecated":false,"signature_type":"Line","id":"CVE-2023-6309-4b4ed93c"},{"target":{"file":"moses2/HypothesisColl.h"},"source":"https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["66339231305232658671109981124880252781","320412668135699447618793268470709233076","189800262004595559869319819038430072588"]},"deprecated":false,"signature_type":"Line","id":"CVE-2023-6309-5b55d017"},{"target":{"file":"moses2/defer/CubePruningBitmapStack/Stack.h"},"source":"https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["163154644638348233158395153374325907810","107191173141483463899007190751372325432","77534081765974908153959284095222812456","291478699453865245521091780254996202313","277326330914393770064616620249550461600","304767212978406107484137588123765534101","104941240749221153233647790800432302117"]},"deprecated":false,"signature_type":"Line","id":"CVE-2023-6309-5cae96b8"},{"target":{"file":"moses2/defer/CubePruningPerBitmap/Misc.h"},"source":"https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["235911648813310825851127682912219700901","241805756202622770009768560353220183352","190857528106358254107234541323657527413","185196893019859075809214484981778396367","300861718470050016832035136251634166699","139548751621167405315622285218600146942","139659351680358969733224333488732988854","63363215336700645376042090824945750025"]},"deprecated":false,"signature_type":"Line","id":"CVE-2023-6309-646a3103"},{"target":{"file":"moses2/PhraseBased/CubePruningMiniStack/Stack.h"},"source":"https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["163154644638348233158395153374325907810","107191173141483463899007190751372325432","77534081765974908153959284095222812456"]},"deprecated":false,"signature_type":"Line","id":"CVE-2023-6309-6d28581f"},{"target":{"function":"Temp","file":"moses2/Main.cpp"},"source":"https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8","signature_version":"v1","digest":{"length":540,"function_hash":"182353790773938809587114032224525926475"},"deprecated":false,"signature_type":"Function","id":"CVE-2023-6309-8476ec83"},{"target":{"file":"moses2/PhraseBased/Normal/Stack.h"},"source":"https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["182266515569901985806693369413740811617","77534081765974908153959284095222812456"]},"deprecated":false,"signature_type":"Line","id":"CVE-2023-6309-9a030828"},{"target":{"file":"moses2/SCFG/nbest/NBests.h"},"source":"https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["334633140571608706651991760190116077768","172618108275161822371952686497418417879","286601356145049915873519652833739356738","79475622298012707981381407042257845715","319075604201523007646459466599977162279","243605047432511047232395539695014523064"]},"deprecated":false,"signature_type":"Line","id":"CVE-2023-6309-a8037bdd"},{"target":{"file":"moses2/legacy/FactorCollection.h"},"source":"https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["317347614599550526183274876323754920649","265241503700140694676230279881342347895","336899072829365001445922648494577655375","82771307390077287839818496465811443348","32769400282768707602339163747587012272","197733840876450594093183512195221703502","29466725951482136827394878048949787616","208595512770669292990126850629065182828"]},"deprecated":false,"signature_type":"Line","id":"CVE-2023-6309-ab9b934a"},{"target":{"file":"moses2/SCFG/Misc.h"},"source":"https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["302930751195726194749262172417285968727","294810810201566152430893661985602021351","316900431191805631482398076372878741818","315455630917953417723530621105578741463","263702779483625592042552064634311638876","249695478392695360639588472260144041887","212546069056548199902373813758761046341","130208245571562311497916336758327426760"]},"deprecated":false,"signature_type":"Line","id":"CVE-2023-6309-b1b2f9c3"},{"target":{"file":"moses2/FF/StatefulFeatureFunction.h"},"source":"https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["56942818565358178888652249451036578736","52225132572542106361403908754465133770"]},"deprecated":false,"signature_type":"Line","id":"CVE-2023-6309-c2704bde"},{"target":{"file":"moses2/defer/CubePruningPerMiniStack/Misc.h"},"source":"https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["235911648813310825851127682912219700901","241805756202622770009768560353220183352","190857528106358254107234541323657527413","185196893019859075809214484981778396367","300861718470050016832035136251634166699","139548751621167405315622285218600146942","139659351680358969733224333488732988854","63363215336700645376042090824945750025"]},"deprecated":false,"signature_type":"Line","id":"CVE-2023-6309-c5595698"},{"target":{"file":"moses2/defer/CubePruningCardinalStack/Misc.h"},"source":"https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["235911648813310825851127682912219700901","241805756202622770009768560353220183352","190857528106358254107234541323657527413","185196893019859075809214484981778396367","300861718470050016832035136251634166699","139548751621167405315622285218600146942","139659351680358969733224333488732988854","63363215336700645376042090824945750025"]},"deprecated":false,"signature_type":"Line","id":"CVE-2023-6309-c850b032"},{"target":{"file":"moses2/PhraseBased/CubePruningMiniStack/Misc.h"},"source":"https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["235911648813310825851127682912219700901","241805756202622770009768560353220183352","190857528106358254107234541323657527413","185196893019859075809214484981778396367","261570824187461698520361629733246730916","255161395853958434367429642675049210421","337325582187597172420921535553295808433","207207774955736515860094285894789123721"]},"deprecated":false,"signature_type":"Line","id":"CVE-2023-6309-e0d2decf"},{"target":{"file":"moses2/Phrase.h"},"source":"https://github.com/moses-smt/mosesdecoder/commit/65c75ff0739ee2f88fc423ec1ad074e1b9b4a9b8","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["155182889077358448335846357036652658686"]},"deprecated":false,"signature_type":"Line","id":"CVE-2023-6309-e96a0420"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}]}