PT-2025-31648 · Unknown · Saurus Cms Community Edition

Cyberhrsh +1 · Published 2025-08-01 · Updated 2025-08-01 · CVE-2025-52390

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions
Saurus CMS Community Edition versions since commit d886e5b0 (2010-04-23)

Description
Saurus CMS Community Edition is susceptible to a SQL Injection issue due to the direct concatenation of user-supplied input ($search word) into SQL queries within the prepareSearchQuery() method in FulltextSearch.class.php without proper sanitization. This allows attackers to manipulate SQL logic, potentially leading to sensitive information disclosure or privilege escalation.

Recommendations
Versions since commit d886e5b0 (2010-04-23): Sanitize user input ($search word) before using it in SQL queries within the prepareSearchQuery() method in FulltextSearch.class.php.
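
An added example, not code from Saurus CMS or from this advisory: one way to keep a search term out of the SQL string is to bind it as a parameter and escape LIKE wildcards. The function names, the articles table, its columns and the use of PDO with an in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example with hypothetical names; not Saurus CMS code.

// Returns [sql, params]; the search text never becomes part of the SQL string.
function buildSearchQuery(string $searchWord, int $maxWords = 8): array
{
    $words = preg_split('/\s+/u', trim($searchWord), -1, PREG_SPLIT_NO_EMPTY) ?: [];
    $words = array_slice($words, 0, $maxWords); // bound the size of the query
    if ($words === []) {
        return ['', []];
    }
    $clauses = [];
    $params = [];
    foreach ($words as $i => $word) {
        // Escape LIKE wildcards so % and _ in the input match literally.
        $pattern = '%' . preg_replace('/[!%_]/', '!$0', $word) . '%';
        $clauses[] = "(title LIKE :t$i ESCAPE '!' OR body LIKE :b$i ESCAPE '!')";
        $params[":t$i"] = $pattern;
        $params[":b$i"] = $pattern;
    }
    $sql = 'SELECT id, title FROM articles WHERE '
         . implode(' AND ', $clauses) . ' ORDER BY id';
    return [$sql, $params];
}

// Prepares the statement and binds every value through the driver.
function search(PDO $db, string $searchWord): array
{
    [$sql, $params] = buildSearchQuery($searchWord);
    if ($sql === '') {
        return [];
    }
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_COLUMN, 1); // titles only
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec("INSERT INTO articles (title, body) VALUES
    ('Release notes', 'Search is 100% faster'),
    ('O''Brien interview', 'Q and A'), ('Contact', 'Office hours')");

var_dump(search($db, "O'Brien")); // input containing a quote character
var_dump(search($db, '100%'));    // input containing a LIKE wildcard
```

The SQL text is built only from fixed fragments and generated placeholder names, so its structure does not depend on what the user typed.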

Exploit

Fix

SQL injection


Weakness Enumeration

Related identifiers

CVE-2025-52390

Affected products

Saurus Cms Community Edition