Vulnerabilities > CVE-2006-4349 - Unspecified vulnerability in Toenda Software Development Toendacms 1.0/Stable1.0.3
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN toenda-software-development
exploit available
Summary
PHP remote file inclusion vulnerability in ToendaCMS 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tcms_administer_site parameter to an unspecified script, probably index.php. NOTE: this issue has been disputed by a third party, who states that $tcms_administer_site is initialized to a constant value within index.php
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | ToendaCMS 0.x/1.0.x TCMS_Administer Parameter Remote File Include Vulnerability. CVE-2006-4349. Webapps exploit for php platform |
| id | EDB-ID:28417 |
| last seen | 2016-02-03 |
| modified | 2006-08-21 |
| published | 2006-08-21 |
| reporter | You_You |
| source | https://www.exploit-db.com/download/28417/ |
| title | ToendaCMS 0.x/1.0.x TCMS_Administer Parameter Remote File Include Vulnerability |