CVE-2023-43187

A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:nodebb:nodebb:*:*:*:*:*:*:*:*

History

28 Sep 2023, 17:43

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:nodebb:nodebb:*:*:*:*:*:*:*:*
First Time Nodebb
Nodebb nodebb
References (MISC) https://github.com/jagat-singh-chaudhary/CVE/blob/main/CVE-2023-43187 - (MISC) https://github.com/jagat-singh-chaudhary/CVE/blob/main/CVE-2023-43187 - Exploit, Third Party Advisory
CWE CWE-91

27 Sep 2023, 15:19

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-27 15:19

Updated : 2024-02-28 20:33


NVD link : CVE-2023-43187

Mitre link : CVE-2023-43187

CVE.ORG link : CVE-2023-43187


JSON object : View

Products Affected

nodebb

  • nodebb
CWE
CWE-91

XML Injection (aka Blind XPath Injection)