CVE-2023-38836

HIGH

BoidCMS Command Injection

Title source: metasploit

Exploitation Summary

EIP tracks 3 public exploits for CVE-2023-38836. PoCs published by 1337kid, 1337kid, bwatters-r7, including Metasploit module exploits/multi/http/cve_2023_38836_boidcms.

AI-analyzed exploit summary This exploit leverages an authenticated file upload vulnerability in BoidCMS v2.0.0 to upload a malicious PHP shell, enabling remote command execution. It authenticates as an admin, uploads a shell disguised as a GIF, and provides interactive command execution.

Description

File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks.

Exploits (3)

exploitdb WORKING POC

by 1337kid · pythonwebappsphp

https://www.exploit-db.com/exploits/51741

View Code ZIP pw:eip

This exploit leverages an authenticated file upload vulnerability in BoidCMS v2.0.0 to upload a malicious PHP shell, enabling remote command execution. It authenticates as an admin, uploads a shell disguised as a GIF, and provides interactive command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: BoidCMS <= 2.0.0

Auth required

Prerequisites: Valid admin credentials · Access to the admin panel

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 5 stars

by 1337kid · poc

https://github.com/1337kid/CVE-2023-38836

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2023-38836, an authenticated file upload vulnerability in BoidCMS <= 2.0.0. The exploit bypasses MIME type checks by prepending a GIF header to a PHP shell, achieving remote code execution (RCE) via a reverse shell.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: BoidCMS <= 2.0.0

Auth required

Prerequisites: Valid admin credentials · Network access to the target · Listener setup for reverse shell

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 18, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by 1337kid, bwatters-r7 · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/cve_2023_38836_boidcms.rb

View Code ZIP pw:eip

This Metasploit module exploits CVE-2023-38836, a command injection vulnerability in BoidCMS 2.0.0 and below, by uploading a malicious PHP file disguised as a GIF and executing arbitrary commands via a reverse shell.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: BoidCMS <= 2.0.0

Auth required

Prerequisites: Valid BoidCMS credentials · Access to the admin panel

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Product

http://boidcms.com

Exploit, Issue Tracking, Vendor Advisory

https://github.com/BoidCMS/BoidCMS/issues/27

Exploit, Third Party Advisory

http://packetstormsecurity.com/files/175026/BoidCMS-2.0.0-Shell-Upload.html

Scores

CVSS v3 8.8

EPSS 0.7321

EPSS Percentile 99.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

boidcms/boidcms 2.0.0

Published Aug 21, 2023

Tracked Since Feb 18, 2026