Vulnerability Database

300,445

Total vulnerabilities in the database

CVE-2025-52390

Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the prepareSearchQuery() method in FulltextSearch.class.php. The application directly concatenates user-supplied input ($search_word) into SQL queries without sanitization, allowing attackers to manipulate the SQL logic and potentially extract sensitive information or escalate their privileges.

Published: Aug 1, 2025
Updated: Aug 2, 2025
CVE: CVE-2025-52390
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

No affected software listed.

https://github.com/sauruscms/Saurus-CMS-Community-Edition/blob/d886e5b0c1e2b42cd74e2184e7c81c720cd9de6b/classes/FulltextSearch.class.php#L331
https://github.com/theharshkothari/vulnerability-research/blob/main/CVE-2025-52390.md

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo