Description
Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, which uses preg_replace() with the deprecated /e (eval) modifier to interpolate SQL query parameters. This leads to injection of user-controlled SQL statements and potentially to arbitrary PHP code execution.
EPSS
Percentile: 32%
0.00126
Low
10 Critical
CVSS3
Weaknesses
CWE-89
Related vulnerabilities
CVSS3: 10
github
6 months ago