VYPR

Security Research

by Rahulhoysala

Source repositories

CVEs (1)

  • CVE-2025-50567CriAug 19, 2025
    risk 0.65cvss 10.0epss 0.01

    Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, which uses preg_replace() with the deprecated /e (eval) modifier to interpolate SQL query parameters. This leads to injection of user-controlled SQL statements, potentially leading…