Headline
CVE-2023-38836
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code via the GIF header component.
Related news
BoidCMS 2.0.0 Command Injection
This Metasploit module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS versions 2.0.0 and below. BoidCMS allows the authenticated upload of a php file as media if the file has the GIF header, even if the file is a php file.
BoidCMS 2.0.0 Shell Upload
BoidCMS versions 2.0.0 and below suffer from a remote shell upload vulnerability.