Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-xfj7-2jg6-3957

Опубликовано: 01 авг. 2025
Источник: github
Github: Не прошло ревью
CVSS3: 9.1

Описание

Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the prepareSearchQuery() method in FulltextSearch.class.php. The application directly concatenates user-supplied input ($search_word) into SQL queries without sanitization, allowing attackers to manipulate the SQL logic and potentially extract sensitive information or escalate their privileges.

Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the prepareSearchQuery() method in FulltextSearch.class.php. The application directly concatenates user-supplied input ($search_word) into SQL queries without sanitization, allowing attackers to manipulate the SQL logic and potentially extract sensitive information or escalate their privileges.

Ссылки

EPSS

Процентиль: 19%
0.00059
Низкий

9.1 Critical

CVSS3

CVE ID

CVE-2025-52390

Дефекты

CWE-89

Связанные уязвимости

nvd логотип

CVE-2025-52390

CVSS3: 9.1
nvd
6 месяцев назад

Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the `prepareSearchQuery()` method in `FulltextSearch.class.php`. The application directly concatenates user-supplied input (`$search_word`) into SQL queries without sanitization, allowing attackers to manipulate the SQL logic and potentially extract sensitive information or escalate their privileges.

EPSS

Процентиль: 19%
0.00059
Низкий

9.1 Critical

CVSS3

CVE ID

CVE-2025-52390

Дефекты

CWE-89