Security Advisory

CVE-2025-50567

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-08-19 00:00:00

Last updated 2025-08-19 14:01:15

Assigner mitre

State PUBLISHED

Description

Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, which uses preg_replace() with the deprecated /e (eval) modifier to interpolate SQL query parameters. This leads to injection of user-controlled SQL statements, potentially leading to arbitrary PHP code execution.

← Browse all CVEs View on cve.org ↗