Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
PHP remote file inclusion vulnerability in ToendaCMS 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tcms_administer_site parameter to an unspecified script, probably index.php. NOTE: this issue has been disputed by a third party, who states that $tcms_administer_site is initialized to a constant value within index.php
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
已过期: ToendaCMS 不明脚本TCMS_Administer参数远程文件包含漏洞
Vulnerability Description
**有争议** ToendaCMS 1.0.3及早期版本中存在PHP远程文件包含漏洞,远程攻击者可借助提交到不明脚本(有可能是index.php脚本)中的tcms_administer_site参数中的URL执行任意PHP代码。注:第三方对此问题存在争议,称$tcms_administer_site参数在index.php脚本内部被初始化为常量。
CVSS Information
N/A
Vulnerability Type
N/A