# RCE vulnerability in Mirth Connect (CVE-2023-37679 and CVE-2023-43208)

This exploit script and PoC are written for an in-depth CVE analysis on [vsociety](
CVE-2023-43208 is a serious security bug in NextGen Mirth Connect, a tool used by hospitals and clinics to share patient data. This bug lets hackers break into the system without needing a password. Since Mirth Connect is widely used in healthcare, fixing this bug quickly is crucial to protect patient information.

The bug came to light after an earlier problem, CVE-2023-37679, was supposed to be fixed. However, the fix wasn't enough, leading to the discovery of CVE-2023-43208. This new issue affects all versions of Mirth Connect up to 4.4.0 and needs an update to version 4.4.1 to be safe.

## Usage

# Detection script
python3 https://localhost:8443

# Unix (default)
python3 -u https://localhost:8443 -c 'touch /tmp/proof'

# Windows
python3 -u https://localhost:8443 -c 'calc' -p win

## Disclaimer
This exploit script has been created solely for research and the development of effective defensive techniques. It is not intended to be used for any malicious or unauthorized activities. The script's author and owner disclaim any responsibility or liability for any misuse or damage caused by this software. Just so you know, users are urged to use this software responsibly and only by applicable laws and regulations. Use responsibly.