SQL Injection Vulnerability in Saurus CMS Community Edition
CVE-2025-52390

9.1CRITICAL

Key Information:

Vendor: Saurus CMS
Status: Saurus CMS Community Edition
Vendor: CVE Published:; 1 August 2025

What is CVE-2025-52390?

Saurus CMS Community Edition versions since commit d886e5b0 are susceptible to SQL Injection through the prepareSearchQuery() method in FulltextSearch.class.php. This vulnerability arises from the direct concatenation of user-supplied input into SQL queries without proper sanitization, facilitating attackers in altering SQL logic. This may lead to unauthorized data exposure or privilege escalation, putting sensitive information at risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/sauruscms/Saurus-CMS-Community-Edition...

https://github.com/theharshkothari/vulnerability-research...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 1, 2025
Vulnerability Reserved
Jun 16, 2025

JSON

Saurus CMS

What is CVE-2025-52390?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.