CVE-2023-43187
Published 2023-09-27
Priority: P2 (77) · Severity: critical · CVSS 3.1 base score 9.8
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: EPSS 45.40% (98.6th percentile)
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nodebb | nodebb | < 1.18.6 | 1.18.6 |
Detection & IOCs (extracted from sources)
Sigma: POST /xmlrpc.php with Content-Type: text/xml and body containing phpinfo()
- Detect exploitation attempts by monitoring POST requests to /xmlrpc.php with Content-Type: text/xml; a successful exploit response will contain 'phpinfo()' or 'PHP Version' in the response body with HTTP 200.
- Identify NodeBB instances exposed on the internet using Shodan query cpe:"cpe:2.3:a:nodebb:nodebb" or FOFA query title="nodebb" to prioritize patching and monitoring.
- The attack is unauthenticated (PR:N) and network-reachable (AV:N), so any POST to /xmlrpc.php from an external IP should be treated as suspicious on NodeBB instances prior to v1.18.6.
- The vulnerability affects NodeBB versions strictly prior to v1.18.6; instances already running v1.18.6 or later are not affected.
No detection rules found.
Nuclei
CVE-2023-43187 [CRITICAL] NodeBB XML-RPC Request xmlrpc.php - XML Injection (nuclei · CVSS 9.8)
Template:
id: CVE-2023-43187
info:
  name: NodeBB XML-RPC Request xmlrpc.php - XML Injection
  author: 0xParth
  severity: critical
  description: |
    A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests.
  impact: |
    Unauthenticated attackers can inject arbitrary PHP code through crafted XML-RPC requests to the xmlrpc.php endpoint, potentially gaining full control over the NodeBB forum server and accessing user dat
No writeups or analysis indexed.