Published: 21/08/2023 Updated: 10/10/2023

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 0

File Upload vulnerability in BoidCMS v.2.0.0 allows a remote malicious user to execute arbitrary code by adding a GIF header to bypass MIME type checks.

Vulnerable Product	Search on Vulmon	Subscribe to Product
boidcms boidcms 2.0.0

BoidCMS versions 200 and below suffer from a remote shell upload vulnerability ...

This Metasploit module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS versions 200 and below BoidCMS allows the authenticated upload of a php file as media if the file has the GIF header, even if the file is a php file ...

Exploit for file upload vulnerability in BoidCMS version <=2.0.0

CVE-2023-38836 Exploit File Upload vulnerability in BoidCMS v200 allows an authenticated attacker to upload a file with dangerous type (CWE-434) To exploit, an attacker could add a GIF header to bypass MIME type checks GIF89a; <?php system($_GET["cmd"]); ?> Usage usage: exppy [-h] [-u URL] [-l USER] [-p PASSW

CWE-434 http://boidcms.com https://github.com/BoidCMS/BoidCMS/issues/27 http://packetstormsecurity.com/files/175026/BoidCMS-2.0.0-Shell-Upload.html https://nvd.nist.gov https://github.com/1337kid/CVE-2023-38836 https://packetstormsecurity.com/files/175026/BoidCMS-2.0.0-Shell-Upload.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-38836

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect