CMS
by Saurus
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-52390 | Cri | 0.59 | 9.1 | 0.01 | Aug 1, 2025 | Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the `prepareSearchQuery()` method in `FulltextSearch.class.php`. The application directly concatenates user-supplied input (`$search_word`) into SQL queries without… | ||
| CVE-2010-4943 | 0.03 | — | 0.02 | Oct 9, 2011 | Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to execute arbitrary PHP code via a URL in the class_path parameter to (1) file.php or (2) com_del.php. | |||
| CVE-2010-1997 | 0.03 | — | 0.03 | May 20, 2010 | Cross-site scripting (XSS) vulnerability in admin/edit.php in Saurus CMS 4.7.0 allows remote authenticated users, with "Article list" edit privileges, to inject arbitrary web script or HTML via the pealkiri parameter. | |||
| CVE-2015-0876 | 0.00 | — | 0.02 | Apr 7, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in the print_language_selectbox function in classes/adminpage.inc.php in Saurus CMS Community Edition before 4.7 2015-02-04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-1562 | 0.00 | — | 0.02 | Feb 9, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter to admin/user_management.php, (2) data_search parameter to /admin/profile_data.php, or (3) filter parameter to… |
- risk 0.59cvss 9.1epss 0.01
Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the `prepareSearchQuery()` method in `FulltextSearch.class.php`. The application directly concatenates user-supplied input (`$search_word`) into SQL queries without…
- CVE-2010-4943Oct 9, 2011risk 0.03cvss —epss 0.02
Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to execute arbitrary PHP code via a URL in the class_path parameter to (1) file.php or (2) com_del.php.
- CVE-2010-1997May 20, 2010risk 0.03cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in admin/edit.php in Saurus CMS 4.7.0 allows remote authenticated users, with "Article list" edit privileges, to inject arbitrary web script or HTML via the pealkiri parameter.
- CVE-2015-0876Apr 7, 2015risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in the print_language_selectbox function in classes/adminpage.inc.php in Saurus CMS Community Edition before 4.7 2015-02-04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2015-1562Feb 9, 2015risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter to admin/user_management.php, (2) data_search parameter to /admin/profile_data.php, or (3) filter parameter to…