VYPR
Critical severity9.1NVD Advisory· Published Aug 1, 2025· Updated Apr 15, 2026

CVE-2025-52390

CVE-2025-52390

Description

Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the prepareSearchQuery() method in FulltextSearch.class.php. The application directly concatenates user-supplied input ($search_word) into SQL queries without sanitization, allowing attackers to manipulate the SQL logic and potentially extract sensitive information or escalate their privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1
  • Saurus/CMSllm-fuzzy
    Range: >= 2010-04-23 (commit d886e5b0)

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.