CVE-2023-43187

Critical

A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows…

mitre·CWE-91·Published 2023-09-26

CVSS

9.8

EPSS

0.45

KEV

Exploits

cve.orgen

196 chars

A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests.

NVDen

196 chars

A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests.

NVDes

238 chars

Una vulnerabilidad de ejecución remota de código (RCE) en el endpoint xmlrpc.php del software del foro NodeBB Inc de NodeBB anterior a v1.18.6 permite a los atacantes ejecutar código arbitrario a través de solicitudes XML-RPC manipuladas.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H