High
CVE-2025-8986
A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /search-report-result.php. The manipulation o…
Tag: SQL Injection
All CVEs associated with "SQL Injection". Page 27/174 • 20871 CVEs.
Subscribe CVEs: RSS for “SQL Injection” · RSS (High+Critical only)
About “SQL Injection”
A curated feed of “SQL Injection”-related CVEs appears below. We currently track 20871 CVEs for this tag (all time). In the last 365 days, 4069 were published. Average CVSS is 7.7 (all time; 7.3 over 365d), and 76% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE-20 - Improper Input Validation.
In our taxonomy this topic maps to a HIGH impact class. Common exploitation patterns for this weakness can lead to high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-08-14
High
CVE-2025-8985
A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argume…
High
CVE-2025-8984
A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/expense_category.php. The manipulation of th…
High
CVE-2025-8983
A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/expense.php. The manipulation of…
High
CVE-2025-8982
A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/currency.php. The manipulation of th…
High
CVE-2025-8981
A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/operations/payment.php. The manipulation of the argument paymen…
High
CVE-2025-55708
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection.This issue affec…
High
CVE-2025-52797
Cross-Site Request Forgery (CSRF) vulnerability in josepsitjar StoryMap wp-storymap allows SQL Injection.This issue affects StoryMap: from n/a through <= 2.1.
High
CVE-2025-8973
A vulnerability has been found in SourceCodester Cashier Queuing System 1.0. Affected is an unknown function of the file /Actions.php. The manipulation of the argument Username leads to sql injection…
High
CVE-2025-8972
A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/page-login.php. The manipulation of the argu…
High
CVE-2025-8971
A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/travellers.php. The manipulation of…
High
CVE-2025-8970
A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/operations/booking.php. The manipulation of the argument ID lea…
High
CVE-2025-8969
A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/approve_user.php. The manipulation…
High
CVE-2025-8968
A vulnerability was identified in itsourcecode Online Tour and Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/disapprove_user.php. The man…
High
CVE-2025-8967
A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/packages.php. The manipulation of the argume…
High
CVE-2025-8966
A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/tax.php. The manipulation of the argum…
High
CVE-2025-8715
Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql…
High
CVE-2025-8960
A vulnerability has been found in Campcodes Online Flight Booking Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/save_airlines.php. The manipulation of…
High
CVE-2025-8957
A vulnerability was determined in Campcodes Online Flight Booking Management System 1.0. Affected is an unknown function of the file /flights.php. The manipulation of the argument departure_airport_i…
Critical
CVE-2025-54707
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows SQL Injection.This issue affects M…
Critical
CVE-2025-54678
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects…
Critical
CVE-2025-54669
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RomanCode MapSVG mapsvg allows SQL Injection.This issue affects MapSVG: from n/a through < 8.7.4.
High
CVE-2025-52823
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ovatheme Cube Portfolio cubeportfolio allows SQL Injection.This issue affects Cube Portfolio: fro…
High
CVE-2025-52820
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in infosoftplugin WooCommerce Point Of Sale (POS) woo-point-of-salepos allows SQL Injection.This iss…
Critical
CVE-2025-52720
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder superstorefinder-wp allows SQL Injection.This issue affects Super S…
High
CVE-2025-49267
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps acf-frontend-form-element allows Blind SQL Injection.T…
Critical
CVE-2025-49059
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CleverReach® CleverReach® WP cleverreach-wp allows SQL Injection.This issue affects CleverReach®…
High
CVE-2025-49033
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Blind SQL Injectio…
High
CVE-2025-39510
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Pinterest Automatic Pin wp-pinterest-automatic allows SQL Injection.This issue affects…
High
CVE-2025-30998
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rico Macchi WP Links Page wp-links-page allows SQL Injection.This issue affects WP Links Page: fr…
High
CVE-2025-8955
A vulnerability has been found in PHPGurukul Hospital Management System 4.0. This vulnerability affects unknown code of the file /admin/edit-doctor.php. The manipulation of the argument docfees leads…
High
CVE-2025-8954
A vulnerability was identified in PHPGurukul Hospital Management System 4.0. This affects an unknown part of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspeciliza…
High
CVE-2025-8953
A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /check_availability.php. The manipulation of…
High
CVE-2025-8952
A vulnerability was found in Campcodes Online Flight Booking Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of the componen…
High
CVE-2025-8951
A vulnerability has been found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to…
High
CVE-2025-8950
A vulnerability was identified in Campcodes Online Recruitment Management System 1.0. This issue affects some unknown processing of the file /Recruitment/index.php?page=view_vacancy. The manipulation…
High
CVE-2025-8948
A vulnerability was determined in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /front.php. The manipulation of the argument rid leads to sql injection. It…
High
CVE-2025-8947
A vulnerability was found in projectworlds Visitor Management System 1.0. This issue affects some unknown processing of the file /query_data.php. The manipulation of the argument dateF/dateP leads to…
High
CVE-2025-8946
A vulnerability has been found in projectworlds Online Notes Sharing Platform 1.0. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument User leads to sql i…
High
CVE-2025-8936
A vulnerability was determined in 1000 Projects Sales Management System 1.0. Affected by this issue is some unknown functionality of the file /superstore/dist/dordupdate.php. The manipulation of the…
High
CVE-2025-8935
A vulnerability was found in 1000 Projects Sales Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /superstore/custcmp.php. The manipulation of the argumen…
High
CVE-2025-8932
A vulnerability was determined in 1000 Projects Sales Management System 1.0. This vulnerability affects unknown code of the file /superstore/admin/sales.php. The manipulation of the argument ssalesca…
Medium
CVE-2025-8931
A vulnerability was determined in code-projects Medical Store Management System 1.0. Affected is an unknown function of the file ChangePassword.java. The manipulation of the argument newPassTxt leads…
Medium
CVE-2025-8930
A vulnerability was found in code-projects Medical Store Management System 1.0. This issue affects some unknown processing of the file UpdateCompany.java of the component Update Company Page. The man…
2025-08-13
Medium
CVE-2025-8929
A vulnerability has been found in code-projects Medical Store Management System 1.0. This vulnerability affects unknown code of the file MainPanel.java. The manipulation of the argument searchTxt lea…
Medium
CVE-2025-8928
A vulnerability was identified in code-projects Medical Store Management System 1.0. This affects an unknown part of the file UpdateMedicines.java of the component Update Medicines Page. The manipula…
High
CVE-2025-8926
A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument…
High
CVE-2025-8925
A vulnerability has been found in itsourcecode Sports Management System 1.0. Affected is an unknown function of the file /Admin/match.php. The manipulation of the argument code leads to sql injection…
High
CVE-2025-8924
A vulnerability was identified in Campcodes Online Water Billing System 1.0. This issue affects some unknown processing of the file /viewbill.php. The manipulation of the argument ID leads to sql inj…
High
CVE-2025-8923
A vulnerability was determined in code-projects Job Diary 1.0. This vulnerability affects unknown code of the file /edit-details.php. The manipulation of the argument ID leads to sql injection. The a…
High
CVE-2025-8922
A vulnerability was found in code-projects Job Diary 1.0. This affects an unknown part of the file /admin-inbox.php. The manipulation of the argument ID leads to sql injection. It is possible to init…
High
CVE-2025-8921
A vulnerability has been found in code-projects Job Diary 1.0. Affected by this issue is some unknown functionality of the file /user-apply.php. The manipulation of the argument job_title leads to sq…
Medium
CVE-2025-8908
A vulnerability was determined in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. Affected by this issue is some unknown functionality of the file crm/WeiXinApp/yunzhijia/event.p…
Medium
CVE-2025-8914
Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
High
CVE-2025-6184
The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter used in the get_submitted_assignments() function in a…
2025-08-12
Critical
CVE-2025-55168
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the /html/saude/aplica…
High
CVE-2025-53727
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
High
CVE-2025-49759
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
High
CVE-2025-49758
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
High
CVE-2025-47954
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
Critical
CVE-2025-55167
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the /html/funcionario/…
High
CVE-2025-8296
SQL injection in Ivanti Avalanche before version 6.4.8.8008 allows a remote authenticated attacker with admin privileges to execute arbitrary SQL queries. In certain conditions, this can also lead to…
2025-08-11
High
CVE-2025-55156
pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter add_links in API /json/add_package is vulnerable to SQL Injection. Attackers…
Critical
CVE-2024-32640
MASA CMS is an Enterprise Content Management platform based on open source technology. Versions prior to 7.4.5, 7.3.12, and 7.2.7 contain a SQL injection vulnerability in the `processAsyncObject` met…
2025-08-10
High
CVE-2025-8811
A vulnerability, which was classified as critical, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of the file /Admin/registration.php. Th…
High
CVE-2025-8809
A vulnerability classified as critical has been found in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /addelidetails.php. The manipulation of the argument del…
Medium
CVE-2025-8806
A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been classified as critical. This affects an unknown part of the file /adpweb/a/sys/office/…
2025-08-09
High
CVE-2025-8773
A vulnerability, which was classified as critical, was found in Dinstar Monitoring Platform 甘肃省危险品库监控平台 1.0. Affected is an unknown function of the file /itc/$%7BappPath%7D/login_getPasswordErrorNum.…
High
CVE-2025-8744
A vulnerability classified as critical was found in CesiumLab Web up to 4.0. This vulnerability affects unknown code of the file /lodmodels/. The manipulation of the argument ID leads to sql injectio…
2025-08-08
Critical
CVE-2012-10047
Cyclope Employee Surveillance Solution versions 6.x are vulnerable to a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is not properly sanitized, all…
High
CVE-2025-52914
A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated attacker to conduct a SQL Injection attack due to insuffi…
Medium
CVE-2025-50928
Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the Change Settings function.
Medium
CVE-2025-50468
OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to…
Medium
CVE-2025-50467
OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The supportedDataTypeParam paramet…
High
CVE-2025-50466
OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The entityType parameter can be us…
High
CVE-2025-50465
OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be…
Medium
CVE-2025-8706
A vulnerability has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /Co…
Medium
CVE-2025-8705
A vulnerability, which was classified as critical, was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. Affected is an unknown function of the file /WEAS_HomePage/GetTargetCon…
Medium
CVE-2025-8704
A vulnerability, which was classified as critical, has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This issue affects some unknown processing of the file /WEAS_Alarm…
Medium
CVE-2025-8703
A vulnerability classified as critical was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This vulnerability affects unknown code of the file /WEAS_HomePage/GetAreaTrendChar…
Medium
CVE-2025-8702
A vulnerability classified as critical has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This affects an unknown part of the file /CommonSolution/GetVariableByOneIDNew…
2025-08-07
Medium
CVE-2025-8701
A vulnerability was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /OL_Oprati…
High
CVE-2023-41532
Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the doctor_contact parameter in doctorsearch.php.
High
CVE-2023-41531
Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func3.php via the username1 and password2 parameters.
Critical
CVE-2023-41530
Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php.
Critical
CVE-2023-41528
Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in contact.php via the txtname, txtphone, and txtmail parameters.
Critical
CVE-2023-41527
Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the password2 parameter in func.php.
Critical
CVE-2023-41526
Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the username3 and password3 parameters.
Critical
CVE-2023-41525
Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php.
High
CVE-2023-41524
Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the username parameter at index.php.
High
CVE-2023-41523
Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the emailAddress parameter at createClassTeacher.php.
High
CVE-2023-41522
Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createStudents.php via the Id, firstname, and admissionNumber parameters.
High
CVE-2023-41521
Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createSessionTerm.php via the id, termId, and sessionName parameters.
High
CVE-2023-41520
Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createClassArms.php via the classId and classArmName parameters.
Medium
CVE-2023-40992
Hospital Management System 4 is vulnerable to a SQL injection in /Hospital-Management-System-master/func.php via the password2 parameter.
Medium
CVE-2025-54396
Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows SQL Injection. Authenticated users can exploit this.
High
CVE-2025-54788
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions and below, the InboundEmail module allows the arbitrary execution of queries in t…
2025-08-06
High
CVE-2025-7036
The CleverReach® WP plugin for WordPress is vulnerable to time-based SQL Injection via the ‘title’ parameter in all versions up to, and including, 1.5.20 due to insufficient escaping on the user supp…
Medium
CVE-2025-6986
The FileBird – WordPress Media Library Folders & File Manager plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 6.4.8 due to insuffi…
2025-08-04
Critical
CVE-2025-50341
A Boolean-based SQL injection vulnerability was discovered in Axelor 5.2.4 via the _domain parameter. An attacker can manipulate the SQL query logic and determine true/false conditions, potentially l…
Critical
CVE-2025-51535
Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a SQL injection vulnerability.
2025-08-03
High
CVE-2025-8503
A vulnerability, which was classified as critical, has been found in code-projects Online Medicine Guide 1.0. Affected by this issue is some unknown functionality of the file /adaddmed.php. The manip…
High
CVE-2025-8502
A vulnerability classified as critical was found in code-projects Online Medicine Guide 1.0. Affected by this vulnerability is an unknown functionality of the file /changepass.php. The manipulation o…
Medium
CVE-2025-8500
A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /insert-and-view/action.php. The…
High
CVE-2025-8499
A vulnerability was found in code-projects Online Medicine Guide 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cusfindambulence2.php. The manipulation of…
High
CVE-2025-8498
A security vulnerability has been detected in code-projects Online Medicine Guide 1.0. This vulnerability affects unknown code of the file /cart/index.php. Such manipulation of the argument uname lea…
High
CVE-2025-8497
A weakness has been identified in code-projects Online Medicine Guide 1.0. This affects an unknown part of the file /cusfindphar2.php. This manipulation of the argument Search causes sql injection. R…
High
CVE-2025-8496
A vulnerability has been found in projectworlds Online Admission System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /viewform.php. The manip…
High
CVE-2025-8495
A vulnerability, which was classified as critical, was found in code-projects Intern Membership Management System 1.0. Affected is an unknown function of the file /admin/edit_admin_query.php. The man…
High
CVE-2025-8494
A vulnerability, which was classified as critical, has been found in code-projects Intern Membership Management System 1.0. This issue affects some unknown processing of the file /admin/delete_studen…
2025-08-02
High
CVE-2025-8493
A vulnerability classified as critical was found in code-projects Intern Membership Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_student_query.php. The manip…
High
CVE-2025-8471
A vulnerability, which was classified as critical, has been found in projectworlds Online Admission System 1.0. This issue affects some unknown processing of the file /adminlogin.php. The manipulatio…
High
CVE-2025-8470
A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /admin/deleteroom.php. The manipulation of…
High
CVE-2025-8469
A vulnerability classified as critical has been found in SourceCodester Online Hotel Reservation System 1.0. This affects an unknown part of the file /admin/deletegallery.php. The manipulation of the…
High
CVE-2025-8468
A vulnerability was found in code-projects Wazifa System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /controllers/reset.php. The manipulation…
High
CVE-2025-8467
A vulnerability was found in code-projects Wazifa System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /controllers/regcontrol.php. The…
High
CVE-2025-8466
A vulnerability was found in code-projects Online Farm System 1.0. It has been classified as critical. Affected is an unknown function of the file /forgot_passfarmer.php. The manipulation of the argu…
2025-08-01
High
CVE-2013-10044
An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Once e…
Medium
CVE-2025-50868
A SQL Injection vulnerability exists in the takeassessment2.php file of CloudClassroom-PHP-Project 1.0. The Q4 POST parameter is not properly sanitized before being used in SQL queries.
Critical
CVE-2025-52390
Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the `prepareSearchQuery()` method in `FulltextSearch.class.php`. The application dire…