CVE-2025-60574

Name of the Vulnerable Software and Affected Versions tQuadra CMS version 4.2.1117

Description A Local File Inclusion (LFI) issue exists in tQuadra CMS. The vulnerability is located in the "/styles/" path, which does not properly sanitize user-supplied input. An attacker can exploit this by sending a crafted GET request to retrieve arbitrary files from the underlying system. The vulnerable parameter is not specified.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.