Exploit for OpenCMS - XML external entity (XXE) (CVE-2023-42344)

Description:

Users can execute code without authentication. An attacker can send malicious requests to the OpenCms server. When the requests succeed, a vulnerable OpenCms instance can be exploited through an unauthenticated XXE vulnerability. Based on research, OpenCms versions from 9.0.0 to 10.5.0 are vulnerable.

Nuclei Template

View the template here: CVE-2023-42344.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-42344.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-42344
https://blog.qualys.com/product-tech/2023/12/08/opencms-unauthenticated-xxe-vulnerability-cve-2023-42344
https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms/