Lucene search
HistoryAug 21, 2023 - 5:15 p.m.
CVE-2023-38836
vulnerability
boidcms
file upload
remote code execution
gif
header
mime type checks
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
0.673 Medium
EPSS
Percentile
98.0%
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks.
Affected configurations
Node
boidcmsboidcmsMatch2.0.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| boidcms:boidcms | boidcms | eq | 2.0.0 |
Related
osv
osv
CVE-2023-38836
2023-08-21 17:15:47
zdt
zdt
BoidCMS v2.0.0 - authenticated file upload Exploit
2023-10-09 00:00:00
BoidCMS 2.0.0 Command Injection Exploit
2024-03-02 00:00:00
metasploit
metasploit
BoidCMS Command Injection
2024-02-12 23:44:24
cvelist
cvelist
CVE-2023-38836
2023-08-21 00:00:00
githubexploit
githubexploit
Exploit for Unrestricted Upload of File with Dangerous Type in Boidcms
2023-08-16 14:30:30
nvd
nvd
CVE-2023-38836
2023-08-21 17:15:47
prion
prion
Unrestricted file upload
2023-08-21 17:15:00
packetstorm
packetstorm
BoidCMS 2.0.0 Command Injection
2024-03-01 00:00:00
BoidCMS 2.0.0 Shell Upload
2023-10-10 00:00:00
exploitdb
exploitdb
BoidCMS v2.0.0 - authenticated file upload vulnerability
2023-10-09 00:00:00
rapid7blog
rapid7blog
Metasploit Wrap-Up 03/08/2024
2024-03-08 17:00:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
0.673 Medium
EPSS
Percentile
98.0%
Related for CVE-2023-38836