47 matches found

GithubExploit
added 2026/05/02 3:20 a.m. · 52 views

Exploit for PHP Remote File Inclusion in Boidcms

No d...

7.2 CVSS · 5.8 AI score · 0.00155 EPSS
Exploits 2
NVD
added 2026/04/14 11:16 p.m. · 0 views

CVE-2026-39387

BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion (LFI) attack via the tpl parameter, which can lead to Remote Code Execution (RCE). The application fails to...

7.2 CVSS · 0.00155 EPSS
Exploits 2 · References 2
Vulnrichment
added 2026/04/14 10:56 p.m. · 1 views

CVE-2026-39387 BoidCMS: Local File Inclusion (LFI) leads to Remote Code Execution (RCE) via tpl parameter

BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion (LFI) attack via the tpl parameter, which can lead to Remote Code Execution (RCE). The application fails to...

7.2 CVSS · 6 AI score · 0.00155 EPSS
Exploits 2 · References 2
ATTACKERKB
added 2026/04/14 10:56 p.m. · 1 views

CVE-2026-39387

BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion (LFI) attack via the tpl parameter, which can lead to Remote Code Execution (RCE). The application fails to...

7.2 CVSS · 6 AI score · 0.00155 EPSS
Exploits 2 · References 3 · Affected Software 1
CVE
added 2026/04/14 10:56 p.m. · 4 views

CVE-2026-39387

BoidCMS, a PHP-based flat-file CMS, before v2.1.3 is vulnerable to a critical Local File Inclusion via the tpl parameter that is passed directly to require_once without proper path validation. An authenticated administrator can inject path traversal (../) to escape the theme directory and include...

7.2 CVSS · 6 AI score · 0.00155 EPSS
Exploits 2 · References 2 · Affected Software 1
Positive Technologies
added 2026/04/14 12:0 a.m. · 1 views

PT-2026-32961

BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion (LFI) attack via the tpl parameter, which can lead to Remote Code Execution (RCE). The application fails to...

7.2 CVSS · 6 AI score · 0.00155 EPSS
Exploits 2 · References 4
CNNVD
added 2026/04/14 12:0 a.m. · 2 views

BoidCMS security vulnerability

BoidCMS is an open-source, free CMS for flat files. It’s used to build simple websites and blogs. It’s developed using PHP and JSON as the database. Versions of BoidCMS prior to 2.1.3 had security vulnerabilities. These vulnerabilities stemmed from insufficient cleanup of tpl parameters, which...

7.2 CVSS · 6.2 AI score · 0.00155 EPSS
Exploits 2 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 20 views

EUVD-2024-50519

Malicious code in bioql PyPI...

5.4 CVSS · 6.4 AI score · 0.28796 EPSS
Exploits 2 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-52855

Malicious code in bioql PyPI...

5.4 CVSS · 5.5 AI score · 0.00193 EPSS
Exploits 2 · References 1
RedhatCVE
added 2025/05/23 7:13 a.m. · 6 views

CVE-2024-53255

BoidCMS is a free and open-source flat file CMS for building simple websites and blogs, developed using PHP and uses JSON as a database. In affected versions a reflected Cross-site Scripting (XSS) vulnerability exists in the /admin?page=media endpoint in the file parameter, allowing an attacker to...

5.4 CVSS · 6.1 AI score · 0.28796 EPSS
Exploits 2 · References 1
RedhatCVE
added 2025/05/23 4:34 a.m. · 6 views

CVE-2023-48824

BoidCMS 2.0.1 is vulnerable to multiple stored Cross-Site Scripting (XSS) issues via the title, subtitle, footer, or keywords parameter in a page=create action...

5.4 CVSS · 5.7 AI score · 0.00193 EPSS
Exploits 2
RedhatCVE
added 2025/05/23 4:9 a.m. · 5 views

CVE-2023-38836

File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks...

8.8 CVSS · 7.8 AI score · 0.88265 EPSS
Exploits 8
NVD
added 2024/11/25 7:15 p.m. · 15 views

CVE-2024-53255

BoidCMS is a free and open-source flat file CMS for building simple websites and blogs, developed using PHP and uses JSON as a database. In affected versions a reflected Cross-site Scripting (XSS) vulnerability exists in the /admin?page=media endpoint in the file parameter, allowing an attacker to...

5.4 CVSS · 0.28796 EPSS
Exploits 2 · References 2
CVE
added 2024/11/25 7:1 p.m. · 65 views

CVE-2024-53255

BoidCMS contains a reflected XSS in the "/admin?page=media" endpoint, specifically the file parameter. Affected versions are prior to 2.1.2. Successful exploitation could inject arbitrary JavaScript to steal session cookies, perform phishing, or deface the site. The issue has been addressed in v...

5.4 CVSS · 5.9 AI score · 0.28796 EPSS
Exploits 2 · References 2 · Affected Software 1
Vulnrichment
added 2024/11/25 7:1 p.m. · 12 views

CVE-2024-53255 Reflected Cross-site Scripting in /admin?page=media via file Parameter in BoidCMS

BoidCMS is a free and open-source flat file CMS for building simple websites and blogs, developed using PHP and uses JSON as a database. In affected versions a reflected Cross-site Scripting (XSS) vulnerability exists in the /admin?page=media endpoint in the file parameter, allowing an attacker to...

5.3 CVSS · 6.3 AI score · 0.28796 EPSS
Exploits 2 · References 2
Cvelist
added 2024/11/25 7:1 p.m. · 39 views

CVE-2024-53255 Reflected Cross-site Scripting in /admin?page=media via file Parameter in BoidCMS

BoidCMS is a free and open-source flat file CMS for building simple websites and blogs, developed using PHP and uses JSON as a database. In affected versions a reflected Cross-site Scripting (XSS) vulnerability exists in the /admin?page=media endpoint in the file parameter, allowing an attacker to...

5.3 CVSS · 0.28796 EPSS
Exploits 2 · References 2
OSV
added 2024/11/25 7:1 p.m. · 8 views

CVE-2024-53255 Reflected Cross-site Scripting in /admin?page=media via file Parameter in BoidCMS

BoidCMS is a free and open-source flat file CMS for building simple websites and blogs, developed using PHP and uses JSON as a database. In affected versions a reflected Cross-site Scripting (XSS) vulnerability exists in the /admin?page=media endpoint in the file parameter, allowing an attacker to...

5.3 CVSS · 6.3 AI score · 0.28796 EPSS
Exploits 2 · References 4
Positive Technologies
added 2024/11/25 12:0 a.m. · 3 views

PT-2024-35694 · Boidcms · Boidcms

Name of the Vulnerable Software and Affected Versions: BoidCMS versions prior to 2.1.2
Description: A reflected Cross-site Scripting (XSS) issue exists in the "admin?page=media" endpoint, specifically in the file parameter, allowing an attacker to inject arbitrary JavaScript code. This could lead t...

5.4 CVSS · 6.3 AI score · 0.28796 EPSS
Exploits 2 · References 6
CNNVD
added 2024/11/25 12:0 a.m. · 2 views

BoidCMS security vulnerability

BoidCMS is a free open source flat file CMS from BoidCMS Open Source for building simple websites and blogs, developed in PHP and using JSON as the database. A security vulnerability exists in BoidCMS 2.1.1 and earlier versions, which stems from a Reflected Cross-Site Scripting (XSS) vulnerability ...

5.4 CVSS · 5.7 AI score · 0.28796 EPSS
Exploits 2 · References 2
CNNVD
added 2024/04/17 12:0 a.m. · 1 views

BoidCMS security vulnerability

BoidCMS is a free open source flat file CMS for building simple websites and blogs, developed in PHP and using JSON as the database. A security vulnerability exists in BoidCMS version v2.1.0, which stems from the presence of a cross-site scripting (XSS) vulnerability that allows an attacker to...

6.1 CVSS · 5.8 AI score · 0.00152 EPSS
Exploits 1 · References 2