CVE-2023-38836

Name of the Vulnerable Software and Affected Versions BoidCMS version 2.0.0

Description A remote attacker can execute arbitrary code by exploiting a file upload vulnerability in BoidCMS. This is achieved by adding a GIF header to bypass MIME type checks, allowing the attacker to execute code via the GIF header component.

Recommendations For BoidCMS version 2.0.0, consider disabling the file upload feature until a patch is available to prevent exploitation. Restrict access to the component that handles GIF headers to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.