CVE-2025-50567: n/a
Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, which uses preg_replace() with the deprecated /e (eval) modifier to interpolate SQL query parameters. This leads to injection of user-controlled SQL statements, potentially leading to arbitrary PHP code execution.
AI Analysis
Technical Summary
CVE-2025-50567 is a vulnerability identified in Saurus CMS Community Edition version 4.7.1, specifically within its custom DB::prepare() function. This function improperly uses PHP's preg_replace() function with the deprecated /e (eval) modifier to interpolate SQL query parameters. The /e modifier causes the replacement string to be evaluated as PHP code, which introduces a critical security flaw. An attacker can exploit this by injecting malicious SQL statements that are then executed as PHP code, leading to arbitrary code execution on the server hosting the CMS. This vulnerability arises from unsafe handling of user input in the database query preparation phase, effectively enabling SQL injection combined with remote code execution (RCE). The lack of proper input sanitization and the reliance on deprecated and unsafe PHP features make this vulnerability particularly dangerous. Although no known exploits are currently reported in the wild, the potential for exploitation is significant due to the direct execution of attacker-controlled code. No official patches or fixes have been linked yet, indicating that affected users must take immediate protective measures. The vulnerability was reserved in June 2025 and published in August 2025, highlighting its recent discovery and the need for prompt attention by users of Saurus CMS 4.7.1.
Potential Impact
For European organizations using Saurus CMS Community Edition 4.7.1, this vulnerability poses a severe risk. Successful exploitation can lead to full compromise of the web server, enabling attackers to execute arbitrary PHP code, manipulate or exfiltrate sensitive data, deface websites, or use the compromised server as a pivot point for further attacks within the network. Given that CMS platforms often manage public-facing websites, this can result in reputational damage, regulatory non-compliance (especially under GDPR if personal data is involved), and operational disruptions. The arbitrary code execution capability also increases the risk of persistent backdoors and malware deployment. Organizations in sectors such as government, finance, healthcare, and critical infrastructure in Europe, which rely on web content management systems, could face significant operational and legal consequences if exploited. The absence of known exploits currently provides a window for mitigation, but the ease of exploitation due to the nature of the vulnerability demands urgent remediation.
Mitigation Recommendations
1. Immediate upgrade or patching: Organizations should check for any official patches or updates from Saurus CMS addressing this vulnerability and apply them promptly.
2. If no patch is available, disable or replace the vulnerable DB::prepare() function with secure alternatives that do not use preg_replace() with the /e modifier. Refactor code to use parameterized queries or prepared statements provided by modern database libraries.
3. Implement Web Application Firewall (WAF) rules to detect and block suspicious SQL injection patterns targeting the vulnerable endpoints.
4. Conduct thorough code audits and penetration testing focused on input validation and database query handling within the CMS.
5. Restrict permissions of the web server user to minimize the impact of potential code execution.
6. Monitor logs for unusual activity indicative of exploitation attempts.
7. Consider isolating or migrating critical web applications to more secure CMS platforms if remediation is not feasible in the short term.
8. Educate development and security teams about the dangers of deprecated PHP features and secure coding practices to prevent similar vulnerabilities.
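For the code audit in item 4, the following scanner is an added example (not Saurus CMS code and not part of the original advisory): it flags preg_replace() calls whose pattern literal carries the e modifier, the construct this CVE describes. The function names and the sample PHP lines are constructed for illustration.

```python
import re
from pathlib import Path

# PCRE delimiters whose closing character differs from the opening one.
PAIRED = {"(": ")", "[": "]", "{": "}", "<": ">"}
# preg_replace( followed by a quoted string literal as first argument.
# Patterns built by concatenation or passed as arrays need manual review.
CALL = re.compile(r"""\bpreg_replace\s*\(\s*(['"])((?:\\.|(?!\1).)*)\1""",
                  re.S | re.I)

def pattern_modifiers(pattern):
    """Return the modifier letters after the closing PCRE delimiter."""
    pattern = pattern.lstrip()
    if not pattern or pattern[0].isalnum() or pattern[0] == "\\":
        return ""                      # not a valid delimiter
    closing = PAIRED.get(pattern[0], pattern[0])
    end = pattern.rfind(closing)
    if end <= 0:
        return ""                      # no closing delimiter in this literal
    tail = pattern[end + 1:]
    return tail if tail.isalpha() else ""

def find_eval_patterns(php_source):
    """List (line, pattern) for preg_replace() calls using the e modifier."""
    hits = []
    for m in CALL.finditer(php_source):
        if "e" in pattern_modifiers(m.group(2)):
            line = php_source.count("\n", 0, m.start()) + 1
            hits.append((line, m.group(2)))
    return hits

def scan_tree(root):
    """Yield (path, line, pattern) for every .php file under root."""
    for path in Path(root).rglob("*.php"):
        text = path.read_text(errors="replace")
        for line, pat in find_eval_patterns(text):
            yield str(path), line, pat

# Constructed sample for illustration; not taken from Saurus CMS.
SAMPLE = r'''<?php
// constructed sample
$a = preg_replace('/(\w+)/e', 'strtoupper("\\1")', $text);
$b = preg_replace("#(\d+)#ie", "intval('\\1')", $text);
$c = preg_replace('/e+/', 'x', $text);
$d = preg_replace('{/e}i', 'x', $text);
$e = preg_replace_callback('/\?/', $fn, $sql);
'''

if __name__ == "__main__":
    for line, pat in find_eval_patterns(SAMPLE):
        print(f"line {line}: {pat}")
```

The scanner reads only the first string literal of each call, so commented-out code can produce hits and dynamically assembled patterns are missed; treat its output as a starting list for manual review.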
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-06-16T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68a48084ad5a09ad00f82380
Added to database: 8/19/2025, 1:47:48 PM
Last enriched: 8/19/2025, 2:03:57 PM
Last updated: 8/19/2025, 2:17:45 PM