← Back

CVE-2025-50233

nvd nist
Published: Aug 6, 2025Modified: Sep 23, 2025

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 3.9 / Impact: 2.5
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of the "Name" parameter in the backend template editor. By manipulating the parameter, attackers can perform directory traversal and access sensitive files outside the intended template directory, potentially exposing system configuration, PHP source code, or other sensitive information.

Affected (1)

Products: Q Cms: Qcms
Q Cms
1 product
Qcms
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Qcms
Version 6.0.5

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
ExploitThird Party Advisory

Timeline

No history available yet.