CVE-2023-43364

CRITICAL

searchor < 2.4.2 - Remote Code Execution via CLI Input

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-43364. PoCs published by Kl3lCrypt, libertycityhacker.

AI-analyzed exploit summary The repository contains a functional exploit for CVE-2023-43364, which targets a critical RCE vulnerability in Searchor CLI (≤2.4.1) due to unsafe use of `eval()`. The exploit crafts a malicious payload to achieve remote code execution via a reverse shell.

Description

main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution.

Exploits (2)

github WORKING POC

by Kl3lCrypt · pythonpoc

https://github.com/Kl3lCrypt/cve-exploits/tree/main/CVE-2023-43364

View Code ZIP pw:eip

The repository contains a functional exploit for CVE-2023-43364, which targets a critical RCE vulnerability in Searchor CLI (≤2.4.1) due to unsafe use of `eval()`. The exploit crafts a malicious payload to achieve remote code execution via a reverse shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Searchor CLI (≤2.4.1)

No auth needed

Prerequisites: Network access to the target service · Python environment to run the exploit · Listener (e.g., netcat) for reverse shell

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 27, 2026 Full analysis →

nomisec WORKING POC

by libertycityhacker · poc

https://github.com/libertycityhacker/CVE-2023-43364-Exploit-CVE