Saurus CMS Community Edition SQL Injection Vulnerability

Vulnerability

A critical SQL injection vulnerability has been identified in Saurus CMS Community Edition, in the 'prepareSearchQuery()' method of 'FulltextSearch.class.php'. The method concatenates the user-supplied search term directly into the SQL query text without escaping or parameterisation, so an attacker can break out of the intended string literal and alter the query's logic to read data the search was never meant to return or, depending on what the query can reach, escalate privileges. The flaw was introduced in commit d886e5b0 on April 23, 2010.

Impact

Exploitation allows SQL injection through the public search form, which can disclose sensitive data such as usernames and password hashes and bypass access controls. Whether it goes further depends on the database account's privileges and the server configuration: an account that can write files or run stacked queries may allow remote code execution, while a least-privilege read-only account limits the impact to data disclosure.

Reproduction

To reproduce, submit a crafted search term through the public search interface 'otsing.php'. A lone single quote that produces a database error shows that the term reaches the SQL parser unescaped; a payload that closes the string literal and appends its own SQL is then executed by the application, demonstrating the injection.

Remediation

Users should update to a release of Saurus CMS Community Edition that fixes 'prepareSearchQuery()'. Developers should replace raw SQL concatenation with prepared statements (bound parameters), validate and constrain the search term before it is used, and prefer a database abstraction layer or ORM that parameterises queries by default. Escaping on its own is a weaker fallback than parameterisation and should not be the only defence.

Added: Aug 1, 2025, 4:17 PM
Updated: Aug 1, 2025, 7:34 PM

Vulnerability Rating

Custom Algorithm

spread: 1.6
impact: 7.5
exploitability: 9.7
remediation: 8.3
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.