CVE-2025-50233

MEDIUM

QCMS 6.0.5 - Authenticated Arbitrary File Read via Backend Template Editor Name Parameter

Title source: llm

Description

A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of the "Name" parameter in the backend template editor. By manipulating the parameter, attackers can perform directory traversal and access sensitive files outside the intended template directory, potentially exposing system configuration, PHP source code, or other sensitive information.

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://github.com/xiaoyangsec/cve

View Exploit ZIP pw:eip

Exploit, Third Party Advisory

https://github.com/xiaoyangsec/cve/blob/main/README.md

View Exploit ZIP pw:eip

Scores

CVSS v3 6.5

EPSS 0.0044

EPSS Percentile 35.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (1)

q-cms/qcms 6.0.5

Published Aug 06, 2025

Tracked Since Feb 18, 2026