CVE-2023-43187
published 2023-09-27


Priority: P2 (77)
Severity: critical, CVSS 3.1 base score 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: flagged
EPSS: 45.40% (98.6th percentile)
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests.

Affected (1 range)

  Vendor   Product   Version range   Fixed in
  nodebb   nodebb    < 1.18.6        1.18.6

Detection & IOCs (extracted from sources)

  path:     /xmlrpc.php
  command:  system.listMethods
  sigma:    POST /xmlrpc.php with Content-Type: text/xml and body containing phpinfo()
  • Detect exploitation attempts by monitoring POST requests to /xmlrpc.php with Content-Type: text/xml whose body contains a phpinfo() call (the test payload in the signature above); a successful exploit returns HTTP 200 with 'phpinfo()' or 'PHP Version' in the response body.
  • Identify NodeBB instances exposed on the internet with the Shodan query cpe:"cpe:2.3:a:nodebb:nodebb" or the FOFA query title="nodebb", then prioritize those hosts for patching and monitoring.
  • The attack is unauthenticated (PR:N) and network-reachable (AV:N), so on NodeBB instances prior to v1.18.6 any POST to /xmlrpc.php from an external IP should be treated as suspicious.
  • The vulnerability affects NodeBB versions strictly prior to v1.18.6; instances already running v1.18.6 or later are not affected.
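The indicators above (POST to /xmlrpc.php, Content-Type text/xml, a system.listMethods probe, a phpinfo() payload, and 'PHP Version' in a 200 response) can be turned into a small classifier that runs over request/response pairs. The following is an added example written for this page; it is not code from the advisory, the sources it cites, or NodeBB. The HttpExchange record, the sample traffic, the hypothetical demo.run method name carrying the payload, and the 'none/suspicious/probe/attempt/success' verdict scale are all assumptions made here for illustration.

```python
"""Classify HTTP exchanges for CVE-2023-43187 exploitation activity against
/xmlrpc.php, following the detection guidance above.

Added example, not part of the advisory or of NodeBB; the record format and
the sample traffic are constructed for illustration."""
import ipaddress
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Optional

TARGET_PATH = "/xmlrpc.php"
PROBE_METHODS = {"system.listMethods"}          # probe method named on the page
PAYLOAD_MARKERS = ("phpinfo(",)                 # test payload named on the page
SUCCESS_MARKERS = ("PHP Version", "phpinfo()")  # response markers named on the page

# RFC 1918, loopback and link-local space.  ipaddress.is_private is avoided on
# purpose: it also treats the RFC 5737 documentation ranges (e.g. 203.0.113.0/24)
# as private, which would silently drop such sources from the "external" set.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]


@dataclass
class HttpExchange:            # constructed record shape (assumption)
    src_ip: str
    method: str
    path: str
    content_type: str
    request_body: str
    status: int
    response_body: str


def xmlrpc_method_name(body: str) -> Optional[str]:
    """Return the <methodName> of an XML-RPC call, or None if the body is not one."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    if root.tag != "methodCall":
        return None
    node = root.find("methodName")
    if node is None or not node.text:
        return None
    return node.text.strip()


def is_external(ip: str) -> bool:
    """True unless the address falls inside INTERNAL_NETS (unparsable counts as external)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True
    return not any(addr in net for net in INTERNAL_NETS)


def classify(ex: HttpExchange) -> str:
    """Return 'none', 'suspicious', 'probe', 'attempt' or 'success' (scale is an assumption)."""
    if ex.method.upper() != "POST" or ex.path.split("?", 1)[0] != TARGET_PATH:
        return "none"
    # Strip parameters such as '; charset=utf-8' and normalise case before comparing.
    ctype = ex.content_type.split(";", 1)[0].strip().lower()
    if ctype != "text/xml":
        # Not the signature shape, but the page treats any external POST to
        # /xmlrpc.php on an unpatched instance as suspicious.
        return "suspicious" if is_external(ex.src_ip) else "none"
    body_lc = ex.request_body.lower()
    if any(m.lower() in body_lc for m in PAYLOAD_MARKERS):
        if ex.status == 200 and any(m in ex.response_body for m in SUCCESS_MARKERS):
            return "success"
        return "attempt"
    if xmlrpc_method_name(ex.request_body) in PROBE_METHODS:
        return "probe"
    return "suspicious" if is_external(ex.src_ip) else "none"


# Constructed sample traffic (not captured from a real system).  'demo.run' is a
# hypothetical method name; the page does not name the method carrying the payload.
PAYLOAD_BODY = ("<?xml version='1.0'?><methodCall><methodName>demo.run</methodName><params>"
                "<param><value><string>phpinfo();</string></value></param></params></methodCall>")
SAMPLES = [
    HttpExchange("203.0.113.7", "GET", "/topic/1/hello", "", "", 200, "<html>...</html>"),
    HttpExchange("203.0.113.7", "POST", TARGET_PATH, "text/xml",
                 "<?xml version='1.0'?><methodCall><methodName>system.listMethods"
                 "</methodName><params/></methodCall>", 200, "<methodResponse/>"),
    HttpExchange("198.51.100.9", "POST", TARGET_PATH, "Text/XML; charset=UTF-8",
                 PAYLOAD_BODY, 500, "Internal Server Error"),
    HttpExchange("198.51.100.9", "POST", TARGET_PATH, "text/xml; charset=UTF-8",
                 PAYLOAD_BODY, 200, "<html><h1>PHP Version 7.4.33</h1>...</html>"),
    HttpExchange("203.0.113.7", "POST", TARGET_PATH, "application/x-www-form-urlencoded",
                 "a=1", 404, "Not Found"),
    HttpExchange("10.0.0.5", "POST", TARGET_PATH, "application/x-www-form-urlencoded",
                 "a=1", 404, "Not Found"),
]


def classify_all(samples=SAMPLES):
    """Verdict for each sample, in order."""
    return [classify(s) for s in samples]


if __name__ == "__main__":
    for ex, verdict in zip(SAMPLES, classify_all()):
        print(f"{verdict:<10} {ex.src_ip:<14} {ex.method} {ex.path} ({ex.content_type or '-'})")
```

Two details matter in practice: the Content-Type check strips the charset parameter and ignores case, since a client that sends `Text/XML; charset=UTF-8` must still match the signature, and the "success" verdict requires both the 200 status and the response marker, so a payload that reaches the endpoint but fails stays an "attempt" rather than inflating confirmed-exploitation counts.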