Lucene search
K

99 matches found

Cvelist
Cvelist
added 2026/02/03 6:29 p.m.34 views

CVE-2026-25234 PEAR is Vulnerable to SQL Injection in Category Deletion

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in category deletion can allow an attacker with access to the category manager workflow to inject SQL via a category id. This issue has been patched in version 1.33.0...

5.3CVSS0.00252EPSS
Exploits0References1
OSV
OSV
added 2026/02/03 6:29 p.m.5 views

CVE-2026-25234 PEAR is Vulnerable to SQL Injection in Category Deletion

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in category deletion can allow an attacker with access to the category manager workflow to inject SQL via a category id. This issue has been patched in version 1.33.0...

5.3CVSS5.7AI score0.00252EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/03 6:29 p.m.4 views

CVE-2026-25233

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version 1.33.0...

7.1CVSS5.3AI score0.00314EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/02/03 6:29 p.m.24 views

CVE-2026-25233 PEAR Has a Roadmap Authorization Bypass via Operator Precedence Bug

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version 1.33.0...

7.1CVSS0.00314EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/03 6:29 p.m.5 views

EUVD-2026-5202

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version 1.33.0...

7.1CVSS5.3AI score0.00314EPSS
Exploits0References1
OSV
OSV
added 2026/02/03 6:29 p.m.4 views

CVE-2026-25233 PEAR Has a Roadmap Authorization Bypass via Operator Precedence Bug

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version 1.33.0...

7.1CVSS5.4AI score0.00314EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.9 views

PT-2026-6284

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0...

8.2CVSS5.4AI score0.0025EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.5 views

PT-2026-6288

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in apidoc queue insertion can allow query manipulation if an attacker can influence the inserted filename value. This issue has been patched in version 1.33.0...

8.2CVSS5.7AI score0.00214EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.10 views

PT-2026-6282

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version 1.33.0...

9.1CVSS5.4AI score0.00314EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.10 views

PT-2026-6286

Name of the Vulnerable Software and Affected Versions PEAR versions prior to 1.33.0 Description PEAR, a framework for reusable PHP components, contains a flaw related to the use of the preg replace function with the /e modifier. This can lead to PHP code execution if attacker-controlled content i...

9.8CVSS6.1AI score0.00395EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.8 views

PT-2026-6285

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...

9.8CVSS5.7AI score0.00266EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.4 views

PT-2026-6283

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in category deletion can allow an attacker with access to the category manager workflow to inject SQL via a category id. This issue has been patched in version 1.33.0...

9.8CVSS5.7AI score0.00252EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.8 views

PT-2026-6287

Name of the Vulnerable Software and Affected Versions PEAR versions prior to 1.33.0 Description PEAR is a framework and distribution system for reusable PHP components. A SQL injection issue in bug subscription deletion could allow attackers to inject SQL via a crafted email value. The issue was...

9.8CVSS5.7AI score0.00266EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.6 views

PT-2026-6289

Name of the Vulnerable Software and Affected Versions PEAR versions prior to 1.33.0 Description PEAR is a framework and distribution system for reusable PHP components. A SQL injection issue can occur in the user::maintains function when role filters are provided as an array and interpolated into...

9.8CVSS5.7AI score0.00266EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.5 views

PT-2026-6290

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, an unauthenticated SQL injection in the /get// endpoint allows remote attackers to execute arbitrary SQL via a crafted package version. This issue has been patched in version 1.33.0...

9.8CVSS6.3AI score0.00413EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.5 views

MiracleLinux 4 : php-pear-1.9.4-4.AXS4 (AXSA:2012-73:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-73:01 advisory. PEAR is a framework and distribution system for reusable PHP components. This package contains the basic PEAR components. Security issues fixed with this...

6.8CVSS5.8AI score0.07288EPSS
Exploits2References2
VulnCheck KEV
VulnCheck KEV
added 2022/08/25 12:0 a.m.2 views

VulnCheck KEV: CVE-2020-28949

PEAR ArchiveTar allows an unserialization attack because phar: is blocked but PHAR: is not blocked. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as...

7.8CVSS7.2AI score0.84554EPSS
Exploits4References1
Tenable Nessus
Tenable Nessus
added 2011/04/07 12:0 a.m.10 views

Fedora 13 2011-4102

PEAR is a framework and distribution system for reusable PHP components. This package contains the basic PEAR components. Update Information: According to https://fedorahosted.org/fpc/ticket/69 and to new PHP Guidelines, move %peardocdir /usr/share/pear/doc to %docdir/pear /usr/share/doc/pear...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2011/04/07 12:0 a.m.10 views

Fedora 14 2011-4075

PEAR is a framework and distribution system for reusable PHP components. This package contains the basic PEAR components. Update Information: According to https://fedorahosted.org/fpc/ticket/69 and to new PHP Guidelines, move %peardocdir /usr/share/pear/doc to %docdir/pear /usr/share/doc/pear...

7.2AI score
Exploits0
Rows per page
Query Builder