VYPR

Boidcms

by Boidcms

CVEs (5)

  • CVE-2026-39387 | High | Apr 14, 2026
    risk 0.40 | cvss 7.2 | epss 0.01

    BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion (LFI) attack via the tpl parameter, which can lead to Remote Code Execution (RCE). The…

  • CVE-2023-38836 | Aug 21, 2023
    risk 0.10 | cvss (not listed) | epss 0.73

    File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks.

  • CVE-2024-53255 | Nov 25, 2024
    risk 0.00 | cvss (not listed) | epss 0.01

    BoidCMS is a free and open-source flat file CMS for building simple websites and blogs, developed using PHP and uses JSON as a database. In affected versions a reflected Cross-site Scripting (XSS) vulnerability exists in the /admin?page=media endpoint in the file parameter,…

  • CVE-2024-32342 | Apr 17, 2024
    risk 0.00 | cvss (not listed) | epss 0.00

    A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter.

  • CVE-2023-48824 | Dec 7, 2023
    risk 0.00 | cvss (not listed) | epss 0.00

    BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the title, subtitle, footer, or keywords parameter in a page=create action.