CVE-2023-43187

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Sep 27, 2023

Updated: Sep 28, 2023

CWE ID 91

Summary

CVE-2023-43187 is a remote code execution (RCE) vulnerability affecting the xmlrpc.php endpoint in NodeBB Inc's NodeBB forum software. This issue, which occurs before version 1.18.6, allows malicious actors to execute arbitrary code by sending crafted XML-RPC requests. Successful exploitation could lead to server compromise or data theft. Users are strongly advised to upgrade to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

NodeBB

Affected Vendors

Nodebb

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/suM2Ev
https://www.cve.org/CVERecord?id=CVE-2023-43187
https://nvd.nist.gov/vuln/detail/CVE-2023-43187

Back to Vulnerability Database