59 matches found
EUVD-2015-1695
Malware in sbrugna...
EUVD-2010-2016
Malware in sbrugna...
EUVD-2015-0886
Malware in sbrugna...
EUVD-2010-4907
Malware in sbrugna...
EUVD-2025-23366
Malicious code in bioql PyPI...
CVE-2025-50567
Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare function, which uses preg_replace with the deprecated /e (eval) modifier to interpolate SQL query parameters. This leads to injection of user-controlled SQL statements, potentially leading to arbitrary PHP code...
Saurus CMS Community Edition Security Vulnerability
Saurus CMS Community Edition is a content management system for Saurus individual developers. A security vulnerability exists in Saurus CMS Community Edition version 4.7.1, which stems from improper handling of SQL query parameters and could lead to SQL injection attacks...
CVE-2025-52390
Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the prepareSearchQuery method in FulltextSearch.class.php. The application directly concatenates user-supplied input $search_word into SQL queries without sanitization, allowing attacker...
CVE-2025-52390
CVE-2025-52390 – Saurus CMS Community Edition is affected since commit d886e5b0 (2010-04-23). The vulnerability is a SQL Injection in the FulltextSearch.class.php -> prepareSearchQuery() where user input ($search_word) is directly concatenated into SQL queries without sanitization. This can al...
Saurus CMS Community Edition Security Vulnerability
Saurus CMS Community Edition is a content management system for Saurus individual developers. A security vulnerability exists in Saurus CMS Community Edition version d886e5b0 and later versions, which stems from a failure to clean up user input in the prepareSearchQuery method in...
PT-2025-31648 · Unknown · Saurus Cms Community Edition
Name of the Vulnerable Software and Affected Versions: Saurus CMS Community Edition versions since commit d886e5b0 (2010-04-23). Description: Saurus CMS Community Edition is susceptible to a SQL Injection issue due to the direct concatenation of user-supplied input $search_word into SQL queries with...
Exploit for CVE-2025-52390
🔍 Vulnerability Research & Security Disclosures by Harsh Koth...
CVE-2015-1562
Multiple cross-site scripting (XSS) vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter to admin/usermanagement.php, (2) datasearch parameter to /admin/profiledata.php, or (3) filter parameter to errorlog.php...
CVE-2010-4943
Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to execute arbitrary PHP code via a URL in the classpath parameter to (1) file.php or (2) comdel.php...
Saurus CMS <= 4.7 Multiple XSS Vulnerabilities
Saurus CMS is prone to multiple cross-site scripting (XSS) vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-0876
Multiple cross-site scripting (XSS) vulnerabilities in the printlanguageselectbox function in classes/adminpage.inc.php in Saurus CMS Community Edition before 4.7 (2015-02-04) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...