CNNVD-202508-057 Information

CNNVD ID

CNNVD-202508-057

Related CVE

CVE-2025-52390

• CNNVD Published: 2025-08-01

Description (Chinese)

Saurus CMS Community Edition是Saurus个人开发者的一个内容管理系统。 Saurus CMS Community Edition d886e5b0版本及之后版本存在安全漏洞，该漏洞源于FulltextSearch.class.php中prepareSearchQuery方法未清理用户输入，可能导致SQL注入攻击。

Description (English)

Saurus CMS Commission is a content management system for Saurus personal developers. There is a security loophole in the Saurus CMS Commission d886e5b0 and later versions, which stems from the uncleaned user input of the PrepareSearchQuery method in FulltextSearch.class.php, which could lead to an SQL injection attack.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-08-01

Last Modified

2026-02-24

References

https://github.com/sauruscms/Saurus-CMS-Community-Edition/blob/d886e5b0c1e2b42cd74e2184e7c81c720cd9de6b/classes/FulltextSearch.class.php#L331 https://github.com/theharshkothari/vulnerability-research/blob/main/CVE-2025-52390.md https://access.redhat.com/security/cve/cve-2025-52390