THREATINT
PUBLISHED

CVE-2025-52390



Description

Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to SQL injection in the `prepareSearchQuery()` method in `FulltextSearch.class.php`. The application concatenates user-supplied input (`$search_word`) directly into SQL queries without sanitization, allowing attackers to manipulate the SQL logic and potentially extract sensitive information or escalate their privileges.

Reserved 2025-06-16 | Published 2025-08-01 | Updated 2025-08-01 | Assigner mitre

References

github.com/...81c720cd9de6b/classes/FulltextSearch.class.php

github.com/...erability-research/blob/main/CVE-2025-52390.md

cve.org (CVE-2025-52390)

nvd.nist.gov (CVE-2025-52390)
