Critical severity10.0NVD Advisory· Published Aug 19, 2025· Updated Apr 15, 2026
CVE-2025-50567
CVE-2025-50567
Description
Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, which uses preg_replace() with the deprecated /e (eval) modifier to interpolate SQL query parameters. This leads to injection of user-controlled SQL statements, potentially leading to arbitrary PHP code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: = 4.7.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.