CVE-2023-38836

This exploit leverages an authenticated file upload vulnerability in BoidCMS v2.0.0 to upload a malicious PHP shell, enabling remote command execution. It authenticates as an admin, uploads a shell disguised as a GIF, and provides interactive command execution.

This repository contains a functional exploit for CVE-2023-38836, an authenticated file upload vulnerability in BoidCMS <= 2.0.0. The exploit bypasses MIME type checks by prepending a GIF header to a PHP shell, achieving remote code execution (RCE) via a reverse shell.

This Metasploit module exploits CVE-2023-38836, a command injection vulnerability in BoidCMS 2.0.0 and below, by uploading a malicious PHP file disguised as a GIF and executing arbitrary commands via a reverse shell.