CRITICAL🇵🇱 Wersja polska

CVE-2023-43187

CVSS 9.8v3.1pub. 2023-09-27upd. 2024-11-21

A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Nodebb

    APP
    Nodebb
    < 1.18.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2023-26045CRITICAL10.0ten sam produkt

NodeBB is Node.js based forum software. Starting in version 2.5.0 and prior to version 2.8.7, due to the use o...

CVE-2022-46164CRITICAL9.4ten sam produkt

NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in so...

CVE-2022-36045CRITICAL9.0ten sam produkt

NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It u...

CVE-2021-43787CRITICAL9.0ten sam produkt

Nodebb is an open source Node.js based forum software. In affected versions a prototype pollution vulnerabilit...

CVE-2021-43786CRITICAL9.8ten sam produkt

Nodebb is an open source Node.js based forum software. In affected versions incorrect logic present in the tok...