all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

BoidCMS 2.0.0 Command Injection

Add to bookmarks
March 1, 2024, 4:21 p.m. |

Packet Storm packetstormsecurity.com

This Metasploit module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS versions 2.0.0 and below. BoidCMS allows the authenticated upload of a php file as media if the file has the GIF header, even if the file is a php file.

bug command command injection cve file gif header injection media metasploit php upload

Visit resource

More from packetstormsecurity.com / Packet Storm

Ubuntu Security Notice USN-6757-2 11 hours ago | packetstormsecurity.com
arbitrary code attacker code crash +16
Ubuntu Security Notice USN-6762-1 11 hours ago | packetstormsecurity.com
arbitrary code attacker attackers code +15
SOPlanning 1.52.00 SQL Injection 11 hours ago | packetstormsecurity.com
injection php projects sql +5
SOPlanning 1.52.00 Cross Site Request Forgery 11 hours ago | packetstormsecurity.com
forgery php request version +2
SOPlanning 1.52.00 Cross Site Scripting 11 hours ago | packetstormsecurity.com
cross site scripting php scripting version +2
Red Hat Security Advisory 2024-2679-03 11 hours ago | packetstormsecurity.com
advisory enterprise free linux +7
Red Hat Security Advisory 2024-2674-03 11 hours ago | packetstormsecurity.com
advisory enterprise kernel linux +5
Red Hat Security Advisory 2024-2071-03 11 hours ago | packetstormsecurity.com
advisory bugs container fix +10
Red Hat Security Advisory 2024-2068-03 11 hours ago | packetstormsecurity.com
advisory bugs container denial of service +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Senior Security Engineer - Detection and Response

@ Fastly, Inc. | US (Remote)
View on infosec-jobs.com

Application Security Engineer

@ Solidigm | Zapopan, Mexico
View on infosec-jobs.com

Defensive Cyber Operations Engineer-Mid

@ ISYS Technologies | Aurora, CO, United States
View on infosec-jobs.com

Manager, Information Security GRC

@ OneTrust | Atlanta, Georgia
View on infosec-jobs.com

Senior Information Security Analyst | IAM

@ EBANX | Curitiba or São Paulo
View on infosec-jobs.com

Senior Information Security Engineer, Cloud Vulnerability Research

@ Google | New York City, USA; New York, USA
View on infosec-jobs.com
View more jobs