CNNVD-202508-594 Information

CNNVD ID

CNNVD-202508-594

Related CVE

CVE-2025-50233

• CNNVD Published: 2025-08-06

Description (Chinese)

茸易科技 QCMS是中国茸易科技公司的一套用于创建响应式网站的开源内容管理系统（CMS）。 QCMS 6.0.5版本存在安全漏洞，该漏洞源于后端模板编辑器中Name参数验证不足，可能导致目录遍历和任意文件读取。

Description (English)

QCMS is an open-source content management system (CMS) for the creation of a responsive web site for China. QCMS version 6.0.5 contains a security loophole that originates from the inadequate verification of the name parameters in the back-end template editor, which may lead to a directory going through and to any file.

Hazard Level

High

Vulnerability Type

其他

Published

2025-08-06

Last Modified

2026-02-24

References

https://github.com/xiaoyangsec/cve https://github.com/xiaoyangsec/cve/blob/main/README.md https://access.redhat.com/security/cve/cve-2025-50233