Lucene search
K

4 matches found

NVD
NVD
added 2026/02/03 7:16 p.m.9 views

CVE-2026-25241

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, an unauthenticated SQL injection in the /get// endpoint allows remote attackers to execute arbitrary SQL via a crafted package version. This issue has been patched in version 1.33.0...

9.8CVSS0.00413EPSS
Exploits0References1
OSV
OSV
added 2026/02/03 7:16 p.m.4 views

UBUNTU-CVE-2026-25241

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, an unauthenticated SQL injection in the /get// endpoint allows remote attackers to execute arbitrary SQL via a crafted package version. This issue has been patched in version 1.33.0...

9.8CVSS6.1AI score0.00413EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/03 6:29 p.m.31 views

CVE-2026-25236 PEAR is Vulnerable to SQL Injection in Damblan_Karma IN() Query via Literal Substitution

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...

6.9CVSS0.00266EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 6:29 p.m.12 views

CVE-2026-25236

CVE-2026-25236 affects the PEAR PHP framework. The vulnerability is a SQL injection risk in karma queries caused by unsafe literal substitution for an IN (...) list. Root cause: unsafe literal handling in Karma DAMBLAN-related queries prior to version 1.33.0. Impact: potential SQL injection. Miti...

9.8CVSS5.6AI score0.00266EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder