48 matches found
BoidCMS 安全漏洞
BoidCMS is a free open source flat file CMS for building simple websites and blogs, developed in PHP and using JSON as the database. A security vulnerability exists in BoidCMS version v2.1.0, which stems from the presence of a cross-site scripting XSS vulnerability that allows an attacker to...
BoidCMS 安全漏洞
BoidCMS is a free open source flat file CMS for building simple websites and blogs, developed in PHP and using JSON as the database. A security vulnerability exists in BoidCMS version v2.1.0, which stems from the presence of a cross-site scripting XSS vulnerability that allows an attacker to...
Metasploit Wrap-Up 03/08/2024
New module content 2 GitLab Tags RSS feed email disclosure Authors: erruquill and n00bhaxor Type: Auxiliary Pull request: 18821 contributed by n00bhaxor Path: gather/gitlabtagsrssfeedemaildisclosure AttackerKB reference: CVE-2023-5612 Description: This adds an auxiliary module that leverages an...
BoidCMS 2.0.0 Command Injection Exploit
This Metasploit module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS versions 2.0.0 and below. BoidCMS allows the authenticated upload of a php file as media if the file has the GIF header, even if the file is a php file. This module requires Metasploit:...
BoidCMS Command Injection
This module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS version 2.0.0 and below. BoidCMS allows the authenticated upload of a php file as media if the file has the GIF header, even if the file is a php file. Module Options msf use exploit/multi/http/cve202338836boidcms msf...
BoidCMS 2.0.0 Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BoidCMS Command Injection', 'Description' = %q This module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS version 2.0.0 and...
BoidCMS Cross-Site Scripting Vulnerability
BoidCMS is a free open source flat file CMS for building simple websites and blogs, developed in PHP and using JSON as a database. A cross-site scripting vulnerability exists in BoidCMS version 2.0.1. The vulnerability stems from the application's lack of effective filtering and escaping of...
CVE-2023-48824
BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting XSS issues via the title, subtitle, footer, or keywords parameter in a page=create action...
CVE-2023-48824
BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting XSS issues via the title, subtitle, footer, or keywords parameter in a page=create action...
Cross site scripting
BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting XSS issues via the title, subtitle, footer, or keywords parameter in a page=create action...
BoidCMS 安全漏洞
BoidCMS is a free open source flat file CMS for building simple websites and blogs, developed in PHP and using JSON as a database. A cross-site scripting vulnerability exists in BoidCMS version 2.0.1. The vulnerability stems from the application's lack of effective filtering and escaping of...
CVE-2023-48824
BoidCMS 2.0.1 is vulnerable to multiple stored XSS via the title, subtitle, footer, or keywords parameters in a page=create action. The root cause is insufficient input filtering/escaping in BoidCMS (PHP, JSON-backed flat-file CMS). Impact is XSS in affected pages; exploitation details are availa...
CVE-2023-48824
BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting XSS issues via the title, subtitle, footer, or keywords parameter in a page=create action...
CVE-2023-48824
BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting XSS issues via the title, subtitle, footer, or keywords parameter in a page=create action...
PT-2023-30968 · Boidcms · Boidcms
Name of the Vulnerable Software and Affected Versions: BoidCMS version 2.0.1 Description: The issue is related to Multiple Stored Cross-Site Scripting XSS problems. These issues can be triggered via the title, subtitle, footer, or keywords parameter in a "page=create" action. Recommendations: For...
BoidCMS 2.0.1 Cross Site Scripting
Exploit Title: BoidCMS v2.0.1 - Multiple Stored XSS Date: 13/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://boidcms.github.io// Software Link: https://github.com/BoidCMS/BoidCMS/archive/refs/tags/v2.0.1.zip Version: v2.0.1 Tested on: Windows 10, PHP...
BoidCMS 2.0.0 Shell Upload
!/usr/bin/python3 Exploit Title: BoidCMS v2.0.0 - authenticated file upload vulnerability Date: 08/21/2023 Exploit Author: 1337kid Vendor Homepage: https://boidcms.github.io// Software Link: https://boidcms.github.io/BoidCMS.zip Version: ' with open'shell.php','w' as f: f.writelinesphpcode ====...
BoidCMS v2.0.0 - authenticated file upload Exploit
!/usr/bin/python3 Exploit Title: BoidCMS v2.0.0 - authenticated file upload vulnerability Exploit Author: 1337kid Vendor Homepage: https://boidcms.github.io// Software Link: https://boidcms.github.io/BoidCMS.zip Version: ' with open'shell.php','w' as f: f.writelinesphpcode ==== file = 'file' :...
BoidCMS v2.0.0 - authenticated file upload vulnerability
!/usr/bin/python3 Exploit Title: BoidCMS v2.0.0 - authenticated file upload vulnerability Date: 08/21/2023 Exploit Author: 1337kid Vendor Homepage: https://boidcms.github.io// Software Link: https://boidcms.github.io/BoidCMS.zip Version: ' with open'shell.php','w' as f: f.writelinesphpcode ====...
CVE-2023-38836
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks...