{"id":"CVE-2023-43187","details":"A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests.","modified":"2026-07-08T06:27:12.189554937Z","published":"2023-09-26T00:00:00Z","database_specific":{"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/43xxx/CVE-2023-43187.json"},"references":[{"type":"WEB","url":"https://github.com/jagat-singh-chaudhary/CVE/blob/main/CVE-2023-43187"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/43xxx/CVE-2023-43187.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43187"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nodebb/nodebb","events":[{"introduced":"0"},{"fixed":"22e74dc0bb9cf296f548ad3b67ba1d297e4a7dc1"}],"database_specific":{"source":"CPE_RANGE","cpe":"cpe:2.3:a:nodebb:nodebb:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"1.18.6"}]}}],"versions":["v1.18.4","v1.18.3","v1.18.2","v1.18.1","v1.18.0","v1.17.0-beta.5","v1.17.0-beta.4","v1.17.0-beta.3","v1.17.0-beta.2","v1.17.0-beta.0","v1.16.1-beta.0","v1.15.3-beta.0","v1.15.2-beta.1","v1.15.2-beta.0","v1.15.1","v1.15.1-beta.0","v1.15.0","v1.15.0-rc.5","v1.15.0-rc.4","v1.15.0-rc.3","v1.15.0-rc.1","v1.15.0-rc.0","v1.15.0-beta.30","v1.15.0-beta.29","v1.15.0-beta.27","v1.15.0-beta.25","v1.15.0-beta.24","v1.15.0-beta.23","v1.15.0-beta.22","v1.15.0-beta.21","v1.15.0-beta.19","v1.15.0-beta.18","v1.15.0-beta.17","v1.15.0-beta.16","v1.15.0-beta.15","v1.15.0-beta.14","v1.15.0-beta.13","v1.15.0-beta.12","v1.15.0-beta.11","v1.15.0-beta.10","v1.15.0-beta.9","v1.15.0-beta.8","v1.15.0-beta.7","v1.15.0-beta.6","v1.15.0-beta.5","v1.15.0-beta.4","v1.15.0-beta.3","v1.15.0-beta.2","v1.15.0-beta.1","v1.15.0-beta.0","v1.14.3-beta.16","v1.14.3-beta.15","v1.14.3-beta.14","v1.14.3-beta.13","v1.14.3-beta.12","v1.14.3-beta.11","v1.14.3-beta.10","v1.14.3-beta.9","v1.14.3-beta.8","v1.14.3-beta.7","v1.14.3-beta.6","v1.14.3-beta.5","v1.14.3-beta.4","v1.14.3-beta.0","v1.14.2-beta.1","v1.14.1-beta.3","v1.14.1-beta.1","v1.14.1-beta.0","v1.5.3","v0.9.2","v0.5.0-2","v0.5.0-1","v0.3.2","v0.3.1","v0.3.0","v0.2.0","v0.0.6","v0.0.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-43187.json"}}],"schema_version":"1.7.5"}