CVE-2025-52390 – Saurus CMS SQL Injection Vulnerability

CVE ID : CVE-2025-52390

Published : Aug. 1, 2025, 4:15 p.m. | 1 hour, 22 minutes ago

Description : Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the `prepareSearchQuery()` method in `FulltextSearch.class.php`. The application directly concatenates user-supplied input (`$search_word`) into SQL queries without sanitization, allowing attackers to manipulate the SQL logic and potentially extract sensitive information or escalate their privileges.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…