PT-2025-31648 · Unknown · Saurus Cms Community Edition

Credit: Cyberhrsh +1

Published: 2025-08-01 · Updated: 2025-08-01 · CVE-2025-52390

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Saurus CMS Community Edition, versions since commit d886e5b0 (2010-04-23)

Description: Saurus CMS Community Edition is susceptible to SQL injection because user-supplied input ($search_word) is concatenated directly into SQL queries in the prepareSearchQuery() method of FulltextSearch.class.php without sanitization. This lets an attacker alter the SQL logic, potentially leading to disclosure of sensitive information or privilege escalation.

Recommendations: Versions since commit d886e5b0 (2010-04-23): sanitize user input ($search_word) before using it in SQL queries within the prepareSearchQuery() method in FulltextSearch.class.php.
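The concatenation pattern the advisory describes, placed next to a parameterised replacement, as an added example that is not Saurus CMS code: the `objects` table, its rows, and the `prepareSearchQueryWeak`/`searchSafe` helpers are constructed for this demo and assume a PHP build with PDO and the SQLite driver.

```php
<?php
// Added illustration, not code from Saurus CMS: a search helper that builds
// its SQL the way the advisory describes (concatenating $search_word), next
// to a parameterised version. The SQLite table and rows are constructed here.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE objects (id INTEGER PRIMARY KEY, title TEXT, is_public INTEGER)");
$db->exec("INSERT INTO objects (title, is_public) VALUES
           ('Welcome page', 1), ('O''Reilly books', 1), ('Internal draft', 0)");

// Weak pattern: the search term is spliced into the SQL text. A single quote
// in $search_word closes the string literal and whatever follows is parsed
// as SQL, which is exactly the condition the advisory reports.
function prepareSearchQueryWeak(string $search_word): string {
    return "SELECT id, title FROM objects WHERE is_public = 1 "
         . "AND title LIKE '%" . $search_word . "%'";
}

// Hardened pattern: the term is bound as a parameter. It can only change what
// LIKE compares against, never the structure of the statement.
function searchSafe(PDO $db, string $search_word): array {
    $stmt = $db->prepare(
        "SELECT id, title FROM objects WHERE is_public = 1 AND title LIKE :term");
    $stmt->execute([':term' => '%' . $search_word . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// A legitimate term containing an apostrophe is enough to show the defect:
// the concatenated query is no longer the statement the developer wrote.
$term = "O'Reilly";

try {
    $rows = $db->query(prepareSearchQueryWeak($term))->fetchAll(PDO::FETCH_ASSOC);
    echo "weak: " . count($rows) . " row(s)\n";
} catch (PDOException $e) {
    // The quote broke the query; the same mechanism lets a crafted term reshape it.
    echo "weak: query failed: " . $e->getMessage() . "\n";
}

$rows = searchSafe($db, $term);
echo "safe: " . count($rows) . " row(s): "
   . implode(', ', array_column($rows, 'title')) . "\n";
```

The weak variant fails on an ordinary apostrophe, which is the same root cause the advisory reports; the bound-parameter variant returns the matching row regardless of what characters the term contains.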


Weakness Enumeration: SQL injection

Related Identifiers: CVE-2025-52390

Affected Products: Saurus Cms Community Edition