CVE-2023-43187
CRITICAL NUCLEINodeBB < 1.18.6 - Remote Code Execution via XML-RPC Request
Title source: llmExploitation Summary
CVE-2023-43187 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests.
Nuclei Templates (1)
NodeBB XML-RPC Request xmlrpc.php - XML Injection
CRITICALby 0xParth
Shodan:
cpe:"cpe:2.3:a:nodebb:nodebb"
FOFA:
title="nodebb"
References (1)
Core 1
Core References
Exploit, Third Party Advisory
https://github.com/jagat-singh-chaudhary/CVE/blob/main/CVE-2023-43187
Scores
CVSS v3
9.8
EPSS
0.4540
EPSS Percentile
98.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-91
Status
published
Products (1)
nodebb/nodebb
< 1.18.6
Published
Sep 27, 2023
Tracked Since
Feb 18, 2026