CVE-2025-50233
BaseFortify
Publication date: 2025-08-06
Last updated on: 2025-09-23
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| q-cms | qcms | 6.0.5 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-50233 is a vulnerability in QCMS version 6.0.5 where authenticated users can read arbitrary files on the server by exploiting insufficient validation of the "Name" parameter in the backend template editor. This allows attackers to perform directory traversal attacks by manipulating the parameter to access sensitive files outside the intended template directory, such as system configuration files or PHP source code. [1]
How can this vulnerability impact me?
This vulnerability can lead to significant information disclosure by allowing authenticated attackers to read sensitive files on the server. This may expose system configuration details, backend PHP source code, and other sensitive information, which could be used to further compromise the system or escalate privileges. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending authenticated HTTP GET requests to the backend template editor endpoint with a manipulated "Name" parameter that attempts directory traversal, then checking whether the response contains the contents of the targeted file. For example, using curl to request a sensitive file: `curl -i -b "<session_cookie>" "http://vulnerable-website.com/admin/templates/edit.html?Name=../../Lib/Config/Config.ini"`. Monitoring web server logs for suspicious requests with directory traversal patterns in the "Name" parameter can also help detect exploitation attempts. [1]
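The log monitoring described above, as an added Python example that is not part of the original page or of QCMS. The endpoint path and the `Name` parameter come from the curl example; the combined access-log format and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

EDITOR_PATH = "/admin/templates/edit.html"  # endpoint from the page's curl example
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample lines in combined log format (assumption: your server logs this way).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Sep/2025:10:00:01 +0000] "GET /admin/templates/edit.html?Name=index.html HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Sep/2025:10:00:09 +0000] "GET /admin/templates/edit.html?Name=../../Lib/Config/Config.ini HTTP/1.1" 200 812',
    '203.0.113.7 - - [01/Sep/2025:10:00:15 +0000] "GET /admin/templates/edit.html?Name=%252e%252e%252fLib%252fConfig%252fConfig.ini HTTP/1.1" 200 812',
    '198.51.100.4 - - [01/Sep/2025:10:01:00 +0000] "GET /index.html?Name=../x HTTP/1.1" 404 0',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so nested encodings are reduced to plain text."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(name):
    """True if the decoded Name value could resolve outside the template directory."""
    name = fully_decode(name).replace("\\", "/")
    return name.startswith("/") or ".." in name.split("/") or "\x00" in name

def suspicious_requests(log_lines):
    """Return (HTTP status, Name value) for template editor requests that traverse."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path.lower() != EDITOR_PATH:
            continue
        for key, values in parse_qs(url.query, keep_blank_values=True).items():
            if key.lower() != "name":
                continue
            hits.extend((int(m.group("status")), v) for v in values if is_traversal(v))
    return hits

if __name__ == "__main__":
    for status, name in suspicious_requests(SAMPLE_LOG):
        print(f"status={status} Name={name!r}")
```

A flagged request that returned status 200 deserves priority review, since the response may have contained the requested file.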
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the backend template editor to only trusted administrators, applying input validation and sanitization on the "Name" parameter to prevent directory traversal, and updating QCMS to a patched version if available. Additionally, monitoring and blocking suspicious requests that contain directory traversal patterns can reduce risk until a fix is applied. [1]