## https://sploitus.com/exploit?id=5A53FAEA-2397-5593-B489-05C5166EF388
# CVE-2023-43208: Unauthenticated Remote Code Execution (RCE) in NextGen Mirth Connect


This exploit leverages a critical deserialization vulnerability within Mirth Connect's XStream engine. It stems from an incomplete patch for CVE-2023-37679, enabling unauthenticated arbitrary code execution across all versions prior to 4.4.1.
## Usage
```bash
python3 mirth_rce.py https://{target}
```
## Disclaimer
This exploit script is intended strictly for educational purposes and authorized security auditing to assist defenders in mitigating CVE-2023-43208; any use of this tool against unauthorized targets is illegal and the sole responsibility of the end user. The author provides this software "as is" without any warranties, disclaims all liability for potential misuse or damages, and does not condone or encourage unauthorized activities. Use at your own risk and only in compliance with applicable laws.