Home / os / palm

BoidCMS 2.0.0 Command Injection

Posted on 01 March 2024

This Metasploit module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS versions 2.0.0 and below. BoidCMS allows the authenticated upload of a php file as media if the file has the GIF header, even if the file is a php file.

 

TOP