4 matches found
CVE-2026-25241
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, an unauthenticated SQL injection in the /get// endpoint allows remote attackers to execute arbitrary SQL via a crafted package version. This issue has been patched in version 1.33.0...
UBUNTU-CVE-2026-25241
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, an unauthenticated SQL injection in the /get// endpoint allows remote attackers to execute arbitrary SQL via a crafted package version. This issue has been patched in version 1.33.0...
CVE-2026-25236 PEAR is Vulnerable to SQL Injection in Damblan_Karma IN() Query via Literal Substitution
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...
CVE-2026-25236
CVE-2026-25236 affects the PEAR PHP framework. The vulnerability is a SQL injection risk in karma queries caused by unsafe literal substitution for an IN (...) list. Root cause: unsafe literal handling in Karma DAMBLAN-related queries prior to version 1.33.0. Impact: potential SQL injection. Miti...