Name of the Vulnerable Software and Affected Versions:

Saurus CMS Community Edition versions since commit d886e5b0 (2010-04-23)

Description:

Saurus CMS Community Edition is susceptible to a SQL Injection issue due to the direct concatenation of user-supplied input (`$search word`) into SQL queries within the `prepareSearchQuery()` method in `FulltextSearch.class.php` without proper sanitization. This allows attackers to manipulate SQL logic, potentially leading to sensitive information disclosure or privilege escalation.

Recommendations:

Versions since commit d886e5b0 (2010-04-23): Sanitize user input (`$search word`) before using it in SQL queries within the `prepareSearchQuery()` method in `FulltextSearch.class.php`.