Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the `prepareSearchQuery()` method in `FulltextSearch.class.php`. The application directly concatenates user-supplied input (`$search_word`) into SQL queries without sanitization, allowing attackers to manipulate the SQL logic and potentially extract sensitive information or escalate their privileges.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Saurus CMS Community Edition 安全漏洞
Vulnerability Description
Saurus CMS Community Edition是Saurus个人开发者的一个内容管理系统。 Saurus CMS Community Edition d886e5b0版本及之后版本存在安全漏洞,该漏洞源于FulltextSearch.class.php中prepareSearchQuery方法未清理用户输入,可能导致SQL注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A