Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection

链接： https://github.com/advisories/GHSA-xfj7-2jg6-3957

CVSS 评分： 9.1

参考链接：

描述：

Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the prepareSearchQuery() method in FulltextSearch.class.php. The application directly concatenates user-supplied input ($search_word) into SQL queries without sanitization, allowing attackers to manipulate the SQL logic and potentially extract sensitive information or escalate their privileges.

安全公告

#Github Advisory

Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection

http://example.com/2025/08/01/github_1597293290/

作者

lianccc

发布于

2025年8月1日

许可协议

Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view 上一篇

The modelscope/ms-swift library thru 261 is vulnerable to arbitrary code execution through 下一篇