5 matches found

OSV
added 2026/02/03 7:16 p.m. | 1 views

UBUNTU-CVE-2026-25237

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of preg_replace with the /e modifier in bug update email handling can enable PHP code execution if attacker-controlled content reaches the evaluated replacement. This issue has been patched in...

9.8 CVSS | 6.1 AI score | 0.00122 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2026/02/03 6:29 p.m. | 2 views

CVE-2026-25237 PEAR is Vulnerable to PHP Code Execution via preg_replace /e in Bug Update Emails

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of preg_replace with the /e modifier in bug update email handling can enable PHP code execution if attacker-controlled content reaches the evaluated replacement. This issue has been patched in...

9.2 CVSS | 6 AI score | 0.00122 EPSS
Exploits: 0 | References: 1
EUVD
added 2026/02/03 6:29 p.m. | 3 views

EUVD-2026-5198

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of preg_replace with the /e modifier in bug update email handling can enable PHP code execution if attacker-controlled content reaches the evaluated replacement. This issue has been patched in...

9.2 CVSS | 6 AI score | 0.00122 EPSS
Exploits: 0 | References: 1
CVE
added 2026/02/03 6:29 p.m. | 9 views

CVE-2026-25237

CVE-2026-25237 affects the PEAR framework. Prior to version 1.33.0, handling of bug update emails using preg_replace() with the /e modifier can lead to PHP code execution when attacker-controlled content is evaluated. The issue has been fixed in PEAR version 1.33.0. Based on connected documents, ...

9.8 CVSS | 6 AI score | 0.00122 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
ATTACKERKB
added 2018/11/25 8:29 p.m. | 1 views

CVE-2018-19520

An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a checkbad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin...

8.8 CVSS | 6.2 AI score | 0.01016 EPSS
Exploits: 1 | References: 3