Boidcms
by Boidcms
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-39387 | Hig | 0.40 | 7.2 | 0.01 | Apr 14, 2026 | BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion (LFI) attack via the tpl parameter, which can lead to Remote Code Execution (RCE).The… | ||
| CVE-2023-38836 | 0.10 | — | 0.73 | Aug 21, 2023 | File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks. | |||
| CVE-2024-53255 | 0.00 | — | 0.01 | Nov 25, 2024 | BoidCMS is a free and open-source flat file CMS for building simple websites and blogs, developed using PHP and uses JSON as a database. In affected versions a reflected Cross-site Scripting (XSS) vulnerability exists in the /admin?page=media endpoint in the file parameter,… | |||
| CVE-2024-32342 | 0.00 | — | 0.00 | Apr 17, 2024 | A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter. | |||
| CVE-2023-48824 | 0.00 | — | 0.00 | Dec 7, 2023 | BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the title, subtitle, footer, or keywords parameter in a page=create action. |
- risk 0.40cvss 7.2epss 0.01
BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion (LFI) attack via the tpl parameter, which can lead to Remote Code Execution (RCE).The…
- CVE-2023-38836Aug 21, 2023risk 0.10cvss —epss 0.73
File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks.
- CVE-2024-53255Nov 25, 2024risk 0.00cvss —epss 0.01
BoidCMS is a free and open-source flat file CMS for building simple websites and blogs, developed using PHP and uses JSON as a database. In affected versions a reflected Cross-site Scripting (XSS) vulnerability exists in the /admin?page=media endpoint in the file parameter,…
- CVE-2024-32342Apr 17, 2024risk 0.00cvss —epss 0.00
A cross-site scripting (XSS) vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter.
- CVE-2023-48824Dec 7, 2023risk 0.00cvss —epss 0.00
BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the title, subtitle, footer, or keywords parameter in a page=create action.