CVE Alert: CVE-2025-50233

August 7, 2025
image 1

Vulnerability Summary: CVE-2025-50233

A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of the “Name” parameter in the backend template editor. By manipulating the parameter, attackers can perform directory traversal and access sensitive files outside the intended template directory, potentially exposing system configuration, PHP source code, or other sensitive information.

Affected Endpoints:

No affected endpoints listed.

Published Date:

8/6/2025, 3:15:32 PM

⚠️ CVSS Score:

CVSS v3 Score: 6.5 (Medium)

Exploit Status:

Not Exploited

References:

Recommended Action:

No proposed action available. Please refer to vendor documentation for updates.

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

To keep up to date follow us on the below channels.

Tags: , ,

You may have missed

0f18bd21ae87abe73e0faa2b3dc18059524ee1b0903d7fa2090acf24f5c11769

Network Scans Find Linux Is Growing On Business Desktops, Laptops

August 8, 2025
ce2f36f1d3194c40711155e83ce5ec59964b598a41211b50a96ec3c4e42c393d

Openai’s New Model Can’t Believe That Trump Is Back In Office

August 8, 2025
f7d3ac9416792925679a4410c120c8f0092ae637e1c0e64b811bf282761ce21a

Klm, Air France Latest Major Organizations Looted For Customer Data

August 8, 2025
image

CVE Alert: CVE-2025-53792

August 8, 2025
image

CVE Alert: CVE-2025-47808

August 8, 2025