Harsh Kothari

1 exploit Active since Aug 2025
CVE-2025-52390 WRITEUP CRITICAL WRITEUP
Saurus CMS Community Edition - SQL Injection
Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the `prepareSearchQuery()` method in `FulltextSearch.class.php`. The application directly concatenates user-supplied input (`$search_word`) into SQL queries without sanitization, allowing attackers to manipulate the SQL logic and potentially extract sensitive information or escalate their privileges.
CVSS 9.1