9.1
/ 10
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Description
Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the `prepareSearchQuery()` method in `FulltextSearch.class.php`. The application directly concatenates user-supplied input (`$search_word`) into SQL queries without sanitization, allowing attackers to manipulate the SQL logic and potentially extract sensitive information or escalate their privileges.
Basic Information
ID
CVE-2025-52390
Source
mitre
Published
Aug 1, 2025 at 00:00
Modified
Aug 1, 2025 at 17:30
Affected Product
Vendor
n/a
Product
n/a
Version
n/a
Affected Versions
n/a n/a n/a