MidnightBSD

Advisories for webair

CVE-2025-60574

A Local File Inclusion (LFI) vulnerability has been identified in tQuadra CMS 4.2.1117. The issue exists in the "/styles/" path, which fails to properly sanitize user-supplied input. An attacker can exploit this by sending a crafted GET request to retrieve arbitrary files from the underlying system.

Products Affected

Vendor Product Version
webair tquadra_cms 4.2.1117