diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json index 781a6f7a76..2aebda007f 100644 --- a/db/modules_metadata_base.json +++ b/db/modules_metadata_base.json @@ -98243,6 +98243,68 @@ "session_types": false, "needs_cleanup": null }, + "exploit_multi/http/cve_2023_38836_boidcms": { + "name": "BoidCMS Command Injection", + "fullname": "exploit/multi/http/cve_2023_38836_boidcms", + "aliases": [ + + ], + "rank": 600, + "disclosure_date": "2023-07-13", + "type": "exploit", + "author": [ + "1337kid", + "bwatters-r7" + ], + "description": "This module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS version 2.0.0\n and below. BoidCMS allows the authenticated upload of a php file as media if the file has\n the GIF header, even if the file is a php file.", + "references": [ + "CVE-2023-38836", + "URL-https://github.com/1337kid/CVE-2023-38836" + ], + "platform": "", + "arch": "cmd", + "rport": 80, + "autofilter_ports": [ + 80, + 8080, + 443, + 8000, + 8888, + 8880, + 8008, + 3000, + 8443 + ], + "autofilter_services": [ + "http", + "https" + ], + "targets": [ + "nix Command", + "Windows Command" + ], + "mod_time": "2024-02-29 12:42:22 +0000", + "path": "/modules/exploits/multi/http/cve_2023_38836_boidcms.rb", + "is_install_path": true, + "ref_name": "multi/http/cve_2023_38836_boidcms", + "check": true, + "post_auth": true, + "default_credential": false, + "notes": { + "Stability": [ + "crash-safe" + ], + "Reliability": [ + "repeatable-session" + ], + "SideEffects": [ + "ioc-in-logs", + "artifacts-on-disk" + ] + }, + "session_types": false, + "needs_cleanup": true + }, "exploit_multi/http/dexter_casinoloader_exec": { "name": "Dexter (CasinoLoader) SQL Injection", "fullname": "exploit/multi/http/dexter_casinoloader_exec",