CVE-2023-38836
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Aug 21, 2023
Updated: Oct 10, 2023
CWE ID 434
Summary
CVE-2023-38836 is a file upload vulnerability affecting BoidCMS version 2.0.0. An attacker can exploit this weakness by uploading a specially crafted GIF file that bypasses the MIME type checks. Once uploaded, the malicious file can be used to execute arbitrary code on the server, potentially leading to unauthorized access, data theft, or system compromise. This issue poses a significant risk to organizations using the vulnerable version of BoidCMS and highlights the importance of keeping software up to date with security patches.