Lucene search
K

48 matches found

CNNVD
CNNVD
added 2024/04/17 12:0 a.m.3 views

BoidCMS 安全漏洞

BoidCMS is a free open source flat file CMS for building simple websites and blogs, developed in PHP and using JSON as the database. A security vulnerability exists in BoidCMS version v2.1.0, which stems from the presence of a cross-site scripting XSS vulnerability that allows an attacker to...

6.1CVSS5.8AI score0.00435EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/04/17 12:0 a.m.4 views

BoidCMS 安全漏洞

BoidCMS is a free open source flat file CMS for building simple websites and blogs, developed in PHP and using JSON as the database. A security vulnerability exists in BoidCMS version v2.1.0, which stems from the presence of a cross-site scripting XSS vulnerability that allows an attacker to...

6.1CVSS5.8AI score0.00413EPSS
Exploits1References2
Rapid7 Blog
Rapid7 Blog
added 2024/03/08 5:0 p.m.91 views

Metasploit Wrap-Up 03/08/2024

New module content 2 GitLab Tags RSS feed email disclosure Authors: erruquill and n00bhaxor Type: Auxiliary Pull request: 18821 contributed by n00bhaxor Path: gather/gitlabtagsrssfeedemaildisclosure AttackerKB reference: CVE-2023-5612 Description: This adds an auxiliary module that leverages an...

7.5CVSS6AI score0.99753EPSS
Exploits27
0day.today
0day.today
added 2024/03/02 12:0 a.m.503 views

BoidCMS 2.0.0 Command Injection Exploit

This Metasploit module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS versions 2.0.0 and below. BoidCMS allows the authenticated upload of a php file as media if the file has the GIF header, even if the file is a php file. This module requires Metasploit:...

8.8CVSS7.1AI score0.69003EPSS
Exploits8
Metasploit
Metasploit
added 2024/03/01 7:51 p.m.381 views

BoidCMS Command Injection

This module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS version 2.0.0 and below. BoidCMS allows the authenticated upload of a php file as media if the file has the GIF header, even if the file is a php file. Module Options msf use exploit/multi/http/cve202338836boidcms msf...

8.8CVSS8.7AI score0.69003EPSS
Exploits8
Packet Storm
Packet Storm
added 2024/03/01 12:0 a.m.568 views

BoidCMS 2.0.0 Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BoidCMS Command Injection', 'Description' = %q This module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS version 2.0.0 and...

8.8CVSS7.4AI score0.69003EPSS
Exploits8
CNVD
CNVD
added 2023/12/11 12:0 a.m.5 views

BoidCMS Cross-Site Scripting Vulnerability

BoidCMS is a free open source flat file CMS for building simple websites and blogs, developed in PHP and using JSON as a database. A cross-site scripting vulnerability exists in BoidCMS version 2.0.1. The vulnerability stems from the application's lack of effective filtering and escaping of...

5.4CVSS6.3AI score0.00464EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2023/12/07 7:15 a.m.3 views

CVE-2023-48824

BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting XSS issues via the title, subtitle, footer, or keywords parameter in a page=create action...

5.4CVSS6AI score0.00464EPSS
Exploits2References2
NVD
NVD
added 2023/12/07 7:15 a.m.12 views

CVE-2023-48824

BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting XSS issues via the title, subtitle, footer, or keywords parameter in a page=create action...

5.4CVSS0.00464EPSS
Exploits2References1
Prion
Prion
added 2023/12/07 7:15 a.m.14 views

Cross site scripting

BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting XSS issues via the title, subtitle, footer, or keywords parameter in a page=create action...

4.9CVSS5.9AI score0.00464EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2023/12/07 12:0 a.m.5 views

BoidCMS 安全漏洞

BoidCMS is a free open source flat file CMS for building simple websites and blogs, developed in PHP and using JSON as a database. A cross-site scripting vulnerability exists in BoidCMS version 2.0.1. The vulnerability stems from the application's lack of effective filtering and escaping of...

5.4CVSS5.3AI score0.00464EPSS
Exploits2References2
CVE
CVE
added 2023/12/07 12:0 a.m.38 views

CVE-2023-48824

BoidCMS 2.0.1 is vulnerable to multiple stored XSS via the title, subtitle, footer, or keywords parameters in a page=create action. The root cause is insufficient input filtering/escaping in BoidCMS (PHP, JSON-backed flat-file CMS). Impact is XSS in affected pages; exploitation details are availa...

5.4CVSS5.2AI score0.00464EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2023/12/07 12:0 a.m.13 views

CVE-2023-48824

BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting XSS issues via the title, subtitle, footer, or keywords parameter in a page=create action...

5.4CVSS5.6AI score0.00464EPSS
Exploits2References3
Cvelist
Cvelist
added 2023/12/07 12:0 a.m.18 views

CVE-2023-48824

BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting XSS issues via the title, subtitle, footer, or keywords parameter in a page=create action...

5.5AI score0.00464EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/12/06 12:0 a.m.8 views

PT-2023-30968 · Boidcms · Boidcms

Name of the Vulnerable Software and Affected Versions: BoidCMS version 2.0.1 Description: The issue is related to Multiple Stored Cross-Site Scripting XSS problems. These issues can be triggered via the title, subtitle, footer, or keywords parameter in a "page=create" action. Recommendations: For...

5.4CVSS5.3AI score0.00464EPSS
Exploits2References5
Packet Storm
Packet Storm
added 2023/12/04 12:0 a.m.477 views

BoidCMS 2.0.1 Cross Site Scripting

Exploit Title: BoidCMS v2.0.1 - Multiple Stored XSS Date: 13/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://boidcms.github.io// Software Link: https://github.com/BoidCMS/BoidCMS/archive/refs/tags/v2.0.1.zip Version: v2.0.1 Tested on: Windows 10, PHP...

7.4AI score0.00464EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/10/10 12:0 a.m.350 views

BoidCMS 2.0.0 Shell Upload

!/usr/bin/python3 Exploit Title: BoidCMS v2.0.0 - authenticated file upload vulnerability Date: 08/21/2023 Exploit Author: 1337kid Vendor Homepage: https://boidcms.github.io// Software Link: https://boidcms.github.io/BoidCMS.zip Version: ' with open'shell.php','w' as f: f.writelinesphpcode ====...

8.8CVSS7.1AI score0.69003EPSS
Exploits8
0day.today
0day.today
added 2023/10/09 12:0 a.m.233 views

BoidCMS v2.0.0 - authenticated file upload Exploit

!/usr/bin/python3 Exploit Title: BoidCMS v2.0.0 - authenticated file upload vulnerability Exploit Author: 1337kid Vendor Homepage: https://boidcms.github.io// Software Link: https://boidcms.github.io/BoidCMS.zip Version: ' with open'shell.php','w' as f: f.writelinesphpcode ==== file = 'file' :...

8.8CVSS8.7AI score0.69003EPSS
Exploits8
Exploit DB
Exploit DB
added 2023/10/09 12:0 a.m.417 views

BoidCMS v2.0.0 - authenticated file upload vulnerability

!/usr/bin/python3 Exploit Title: BoidCMS v2.0.0 - authenticated file upload vulnerability Date: 08/21/2023 Exploit Author: 1337kid Vendor Homepage: https://boidcms.github.io// Software Link: https://boidcms.github.io/BoidCMS.zip Version: ' with open'shell.php','w' as f: f.writelinesphpcode ====...

8.8CVSS7AI score0.69003EPSS
Exploits8
ATTACKERKB
ATTACKERKB
added 2023/08/21 5:15 p.m.6 views

CVE-2023-38836

File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks...

8.8CVSS6.2AI score0.69003EPSS
Exploits8References5
Rows per page
Query Builder