CVE-2006-4349

ToendaCMS 1.0.3 - Remote File Inclusion via tcms_administer_site Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4349. PoCs published by You_You.

AI-analyzed exploit summary The provided text describes a retired remote file-include vulnerability in ToendaCMS 1.0.3 and prior, but lacks actual exploit code. The BID is noted as retired due to further analysis indicating it is not a vulnerability.

Description

PHP remote file inclusion vulnerability in ToendaCMS 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tcms_administer_site parameter to an unspecified script, probably index.php. NOTE: this issue has been disputed by a third party, who states that $tcms_administer_site is initialized to a constant value within index.php

Exploits (1)

exploitdb WRITEUP VERIFIED
by You_You · textwebappsphp
https://www.exploit-db.com/exploits/28417

The provided text describes a retired remote file-include vulnerability in ToendaCMS 1.0.3 and prior, but lacks actual exploit code. The BID is noted as retired due to further analysis indicating it is not a vulnerability.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: ToendaCMS 1.0.3 and prior
No auth needed
Prerequisites: Access to the target URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19626
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28491
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/29358
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/443918/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/444236/100/0/threaded

Scores

EPSS 0.0276
EPSS Percentile 84.4%

Details

Status published
Products (2)
toenda_software_development/toendacms 1.0
toenda_software_development/toendacms stable_1.0.3
Published Aug 24, 2006
Tracked Since Feb 18, 2026