CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-60574

A Local File Inclusion (LFI) vulnerability has been identified in tQuadra CMS 4.2.1117. The issue exists in the "/styles/" path, which fails to properly sanitize user-supplied input. An attacker can exploit this by sending a crafted GET request to retrieve arbitrary files from the underlying system.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 18.5%

CVSS Severity

CVSS v3 Score 7.5

References

https://github.com/jacopoaugelli/CVE-2025-60574

Products affected by CVE-2025-60574

Webair » Tquadra Cms » Version: 4.2.1117

cpe:2.3:a:webair:tquadra_cms:4.2.1117

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-60574

Products

Pricing

Contact Us