99 matches found
CVE-2026-25234 PEAR is Vulnerable to SQL Injection in Category Deletion
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in category deletion can allow an attacker with access to the category manager workflow to inject SQL via a category id. This issue has been patched in version 1.33.0...
CVE-2026-25234 PEAR is Vulnerable to SQL Injection in Category Deletion
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in category deletion can allow an attacker with access to the category manager workflow to inject SQL via a category id. This issue has been patched in version 1.33.0...
CVE-2026-25233
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version 1.33.0...
CVE-2026-25233 PEAR Has a Roadmap Authorization Bypass via Operator Precedence Bug
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version 1.33.0...
EUVD-2026-5202
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version 1.33.0...
CVE-2026-25233 PEAR Has a Roadmap Authorization Bypass via Operator Precedence Bug
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version 1.33.0...
PT-2026-6284
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...
PT-2026-6288
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in apidoc queue insertion can allow query manipulation if an attacker can influence the inserted filename value. This issue has been patched in version 1.33.0...
PT-2026-6282
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version 1.33.0...
PT-2026-6286
Name of the Vulnerable Software and Affected Versions PEAR versions prior to 1.33.0 Description PEAR, a framework for reusable PHP components, contains a flaw related to the use of the preg replace function with the /e modifier. This can lead to PHP code execution if attacker-controlled content i...
PT-2026-6285
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...
PT-2026-6283
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in category deletion can allow an attacker with access to the category manager workflow to inject SQL via a category id. This issue has been patched in version 1.33.0...
PT-2026-6287
Name of the Vulnerable Software and Affected Versions PEAR versions prior to 1.33.0 Description PEAR is a framework and distribution system for reusable PHP components. A SQL injection issue in bug subscription deletion could allow attackers to inject SQL via a crafted email value. The issue was...
PT-2026-6289
Name of the Vulnerable Software and Affected Versions PEAR versions prior to 1.33.0 Description PEAR is a framework and distribution system for reusable PHP components. A SQL injection issue can occur in the user::maintains function when role filters are provided as an array and interpolated into...
PT-2026-6290
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, an unauthenticated SQL injection in the /get// endpoint allows remote attackers to execute arbitrary SQL via a crafted package version. This issue has been patched in version 1.33.0...
MiracleLinux 4 : php-pear-1.9.4-4.AXS4 (AXSA:2012-73:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-73:01 advisory. PEAR is a framework and distribution system for reusable PHP components. This package contains the basic PEAR components. Security issues fixed with this...
VulnCheck KEV: CVE-2020-28949
PEAR ArchiveTar allows an unserialization attack because phar: is blocked but PHAR: is not blocked. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as...
Fedora 13 2011-4102
PEAR is a framework and distribution system for reusable PHP components. This package contains the basic PEAR components. Update Information: According to https://fedorahosted.org/fpc/ticket/69 and to new PHP Guidelines, move %peardocdir /usr/share/pear/doc to %docdir/pear /usr/share/doc/pear...
Fedora 14 2011-4075
PEAR is a framework and distribution system for reusable PHP components. This package contains the basic PEAR components. Update Information: According to https://fedorahosted.org/fpc/ticket/69 and to new PHP Guidelines, move %peardocdir /usr/share/pear/doc to %docdir/pear /usr/share/doc/pear...