- EPSS 0.13%
- Published 19.08.2025 00:00:00
- Last modified 20.08.2025 14:40:17
Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, which uses preg_replace() with the deprecated /e (eval) modifier to interpolate SQL query parameters. This leads to injection of user-controlled SQL sta...
CVE-2025-52390
- EPSS 0.07%
- Published 01.08.2025 16:15:42
- Last modified 04.08.2025 15:06:15
Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the `prepareSearchQuery()` method in `FulltextSearch.class.php`. The application directly concatenates user-supplied input (`$search_wor...
CVE-2015-0876
- EPSS 0.32%
- Published 07.04.2015 02:00:39
- Last modified 12.04.2025 10:46:40
Multiple cross-site scripting (XSS) vulnerabilities in the print_language_selectbox function in classes/adminpage.inc.php in Saurus CMS Community Edition before 4.7 2015-02-04 allow remote attackers to inject arbitrary web script or HTML via unspecif...
CVE-2015-1562
- EPSS 0.4%
- Published 09.02.2015 11:59:06
- Last modified 12.04.2025 10:46:40
Multiple cross-site scripting (XSS) vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter to admin/user_management.php, (2) data_search parameter to /admin/profile_data.php, or ...
CVE-2010-1997
- EPSS 0.46%
- Published 20.05.2010 17:30:01
- Last modified 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in admin/edit.php in Saurus CMS 4.7.0 allows remote authenticated users, with "Article list" edit privileges, to inject arbitrary web script or HTML via the pealkiri parameter.