# Title: BoidCMS v2.0.0-authenticated-file-upload-RCE # Author: nu11secur1ty # Date: 2026-01-29 # Vendor: BoidCMS # Software: BoidCMS v2.0.0 | https://github.com/BoidCMS/BoidCMS | https://boidcms.github.io/BoidCMS.zip # Reference: CVE-2023-38836 ### Vulnerability Description: CVE-2023-38836 is a critical Remote Code Execution (RCE) vulnerability affecting BoidCMS v2.0.0. This zero-day exploit leverages insecure file upload validation in the admin panel to achieve unauthenticated RCE via authenticated admin access. The vulnerability demonstrates a chain of security failures culminating in complete server compromise. ### Technical Specifications - CVE ID: CVE-2023-38836 - CVSS Score: 9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - Attack Vector: Network - Attack Complexity: Low - Privileges Required: Admin Credentials (Often Default) - User Interaction: None - Impact: Complete system compromise ### Technical Indicators of Compromise (IOCs) File System Artifacts: /media/shell.php (GIF-PHP polyglot) /uploads/shell.php (Alternative location) /tmp/ directory with suspicious PHP files Network Indicators: POST requests to /admin?page=media File uploads with mismatched Content-Type GET requests to .php files with ?cmd= parameters Process Indicators: Unusual PHP processes executing system commands Network connections from web server to external IPs Increased CPU/memory usage on web server ### Demo [url]:(https://www.patreon.com/posts/boidcms-v2-0-0-149602427) ### Buy me a coffee: [url]:(https://venvar.gumroad.com/l/imjyj) -- System Administrator - Infrastructure Engineer Penetration Testing Engineer Exploit developer at https://packetstormsecurity.com/ https://cve.mitre.org/index.html https://cxsecurity.com/ and https://www.exploit-db.com/ home page: https://www.asc3t1c-nu11secur1ty.com/ hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= nu11secur1ty <https://www.asc3t1c-nu11secur1ty.com/>