Nodebb · Nodebb · CVE-2023-43187
**Name of the Vulnerable Software and Affected Versions**
NodeBB versions prior to 1.18.6
**Description**
A remote code execution issue in the "xmlrpc.php" endpoint allows attackers to execute arbitrary code via crafted XML-RPC requests.
**Recommendations**
For versions prior to 1.18.6, update to version 1.18.6 or later to resolve the issue.
As a temporary workaround, consider restricting access to the "xmlrpc.php" endpoint until a patch is applied.