29 matches found
CVE-2022-27158
pearweb 1.32 suffers from Deserialization of Untrusted Data...
CVE-2022-27158
pearweb 1.32 suffers from Deserialization of Untrusted Data...
CVE-2022-27158
The CVE-2022-27158 entry affects pearweb prior to 1.32, with the root cause being Deserialization of Untrusted Data. According to sources, this vulnerability impacts confidentiality, integrity, and availability (high impact) and is exploitable over the network with low complexity and no authentic...
CVE-2022-27157
pearweb 1.32 is suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.php...
CVE-2022-27157
pearweb 1.32 is suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.php...
CVE-2022-27157
Pearweb
pearweb 代码问题漏洞
pearweb is a PHP extension and application repository. A security vulnerability exists in pearweb before 1.32, which stems from deserialization of untrusted data...
pearweb 授权问题漏洞
pearweb is a PHP extension and application repository. pearweb has a security vulnerability that stems from a weak password recovery mechanism in include/users/passwordmanage.php, and no details of the vulnerability are currently available...
The vulnerability lies in the implementation of the `mt_rand()` and `time()` functions in the pearweb package’s PHP classes from the PEAR library. This allows an attacker to gain unauthorized access to protected information or execute arbitrary code.
The vulnerability in the implementation of the mtrand and time functions in the pearweb package’s PHP class library in the PEAR library is related to the use of an insufficiently secure MD5 encryption algorithm. Exploiting this vulnerability could allow an attacker to gain unauthorized access to...