Full title: BoidCMS 2.0.0 Command Injection Exploit 
Category: remote exploits
Platform: multiple
This Metasploit module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS versions 2.0.0 and below. BoidCMS allows the authenticated upload of a php file as media if the file has the GIF header, even if the file is a php file.

# 0day.today @ http://0day.today/