CVE-2023-43323

MEDIUM NUCLEI

mooSocial 3.1.8 - Server-Side Request Forgery via Post Function Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-43323. PoCs published by ahrixia. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository provides a functional proof-of-concept for CVE-2023-43323, demonstrating an SSRF vulnerability in mooSocial v3.1.8. The exploit leverages the 'data[userShareVideo]' parameter to trigger external HTTP/DNS requests to an attacker-controlled server.

Description

mooSocial 3.1.8 is vulnerable to external service interaction on post function. When executed, the server sends a HTTP and DNS request to external server. The Parameters effected are multiple - messageText, data[wall_photo], data[userShareVideo] and data[userShareLink].

Exploits (1)

nomisec WORKING POC 1 stars
by ahrixia · poc
https://github.com/ahrixia/CVE-2023-43323

The repository provides a functional proof-of-concept for CVE-2023-43323, demonstrating an SSRF vulnerability in mooSocial v3.1.8. The exploit leverages the 'data[userShareVideo]' parameter to trigger external HTTP/DNS requests to an attacker-controlled server.

Classification
Working Poc 90%
Attack Type
Ssrf
Complexity
Trivial
Reliability
Reliable
Target: mooSocial v3.1.8
Auth required
Prerequisites: Access to a vulnerable mooSocial instance · Valid authentication credentials
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

mooSocial 3.1.8 - External Service Interaction
MEDIUMby ritikchaddha
Shodan: http.favicon.hash:702863115clear
FOFA: mooSocial || moosocial || icon_hash="702863115"

References (1)

Core 1
Core References
Exploit, Third Party Advisory
https://github.com/ahrixia/CVE-2023-43323

Scores

CVSS v3 6.5
EPSS 0.0186
EPSS Percentile 76.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-15
Status published
Products (1)
moosocial/moosocial 3.1.8
Published Sep 28, 2023
Tracked Since Feb 18, 2026