# Title: BoidCMS v1.0.1-authenticated-file-upload-RCE
# Author: nu11secur1ty
# Date: 02/05/2026
# Vendor: BoidCMS
# Software: https://github.com/BoidCMS/BoidCMS/releases/tag/v1.0.1
### Vulnerability Description:
BoidCMS v1.0.1 suffers from a critical Remote Code Execution (RCE) vulnerability. This zero-day exploit leverages insecure file-upload validation in the admin panel to achieve RCE through authenticated admin access. The vulnerability demonstrates a chain of security failures culminating in complete server compromise.
### Technical Specifications
- CVSS Score: 9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Admin Credentials (Often Default)
- User Interaction: None
- Impact: Complete system compromise
### Technical Indicators of Compromise (IOCs)
File System Artifacts:
- /media/shell.php (GIF-PHP polyglot)
- /uploads/shell.php (alternative location)
- /tmp/ directory containing suspicious PHP files
Network Indicators:
- POST requests to /admin?page=media
- File uploads with a mismatched Content-Type
- GET requests to .php files with ?cmd= parameters
Process Indicators:
- Unusual PHP processes executing system commands
- Network connections from the web server to external IPs
- Increased CPU/memory usage on the web server
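As an added example (not part of the advisory), a small detector that applies the network indicators above to web-server access-log lines: a POST to the media page followed by a request for a .php file under /media/ or /uploads/, and any ?cmd= parameter on such a file. The log lines, IP addresses and file names are constructed for the example.

```python
import re

# Constructed sample access log (combined format); not taken from the advisory.
SAMPLE_LOG = """\
203.0.113.7 - - [05/Feb/2026:10:01:02 +0000] "GET /admin?page=media HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [05/Feb/2026:10:01:09 +0000] "POST /admin?page=media HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [05/Feb/2026:10:01:15 +0000] "GET /media/shell.php?cmd=id HTTP/1.1" 200 87 "-" "curl/8.4.0"
198.51.100.4 - - [05/Feb/2026:10:02:00 +0000] "GET /media/logo.png HTTP/1.1" 200 4021 "-" "Mozilla/5.0"
198.51.100.4 - - [05/Feb/2026:10:02:01 +0000] "GET /media/photo.php HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, request path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# A .php file served from the upload directories named in the IOC list.
SCRIPT_RE = re.compile(r'^/(media|uploads)/[^?]*\.php(\?|$)', re.I)
# The ?cmd= query parameter called out as a network indicator.
CMD_RE = re.compile(r'[?&]cmd=', re.I)


def parse_line(line):
    """Return the parsed fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def detect_upload_rce(log_text):
    """Return (ip, reason, path) findings for the advisory's network indicators."""
    uploaded_by = set()  # IPs that POSTed to the admin media page
    findings = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if not rec:
            continue
        ip, method, path = rec["ip"], rec["method"], rec["path"]
        if method == "POST" and path.startswith("/admin?page=media"):
            uploaded_by.add(ip)
            continue
        if SCRIPT_RE.match(path):
            if CMD_RE.search(path):
                findings.append((ip, "php-under-media-with-cmd", path))
            elif ip in uploaded_by and rec["status"] == "200":
                findings.append((ip, "php-executed-after-media-upload", path))
            else:
                findings.append((ip, "php-under-media", path))
    return findings
```

A PHP file under a media directory is worth an alert on its own, since the upload path should only ever serve static content; the ?cmd= match and the upload-then-execute sequence raise the severity.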
### The demo exploit for v2.0.0 is the same as for v1.0.1
[url](https://www.patreon.com/posts/boidcms-v2-0-0-149602427)
### Buy me a coffee:
[url](https://venvar.gumroad.com/l/imjyj)
--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/ https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
home page: https://www.asc3t1c-nu11secur1ty.com/
nu11secur1ty <https://www.asc3t1c-nu11secur1ty.com/>