CVE-2023-43364
CRITICALSearchor <2.4.2 - Code Injection
Title source: llmDescription
main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution.
Exploits (2)
github
WORKING POC
by Kl3lCrypt · pythonpoc
https://github.com/Kl3lCrypt/cve-exploits/tree/main/CVE-2023-43364
nomisec
WORKING POC
by libertycityhacker · poc
https://github.com/libertycityhacker/CVE-2023-43364-Exploit-CVE
References (5)
Scores
CVSS v3
9.8
EPSS
0.2964
EPSS Percentile
96.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-74
CWE-94
Status
published
Products (2)
arjunsharda/searchor
< 2.4.2
pypi/searchor
0 - 2.4.2PyPI
Published
Dec 12, 2023
Tracked Since
Feb 18, 2026