Lucene search
K
PearPearweb

9 matches found

CVE
CVE
added 2026/02/03 6:29 p.m.21 views

CVE-2026-25234

PEAR (PHP components framework) before version 1.33.0 is vulnerable to a SQL injection in the category deletion operation when an attacker can access the category manager workflow. The root cause is unsafely handling the category id in this workflow, enabling SQL injection. The issue has been fix...

9.8CVSS5.7AI score0.00252EPSS
CVE
CVE
added 2026/02/03 6:29 p.m.21 views

CVE-2026-25235

CVE-2026-25235 affects PEAR (PHP components framework). Before version 1.33.0, predictable verification hashes could allow an attacker to guess verification tokens and potentially verify election account requests without authorization. The issue has been patched in version 1.33.0. Affected scope ...

8.2CVSS5.3AI score0.0025EPSS
CVE
CVE
added 2026/02/03 6:30 p.m.20 views

CVE-2026-25239

CVE-2026-25239 affects PEAR prior to version 1.33.0, where a SQL injection vulnerability exists in the apidoc queue insertion that could allow query manipulation if an attacker can influence the inserted filename value. The issue has been patched in version 1.33.0. Connected sources (Red Hat, NVD...

8.2CVSS5.6AI score0.00214EPSS
CVE
CVE
added 2026/02/03 6:30 p.m.19 views

CVE-2026-25238

PEAR framework: Vulnerable before version 1.33.0 due to SQL injection in bug subscription deletion via crafted email value. Root cause is weak email validation that permits SQL injection in the deletion flow. Impact is described as high for confidentiality, integrity, and availability. The issue ...

9.8CVSS5.6AI score0.00266EPSS
CVE
CVE
added 2026/02/03 6:29 p.m.17 views

CVE-2026-25233

PEAR framework (PHP) is affected by a logic bug in the roadmap role check that allowed non-lead maintainers to create, update, or delete roadmaps. The issue is caused by an operator precedence/authorization flaw and has been patched in version 1.33.0. Red Hat/Ubuntu/NVD references describe the sa...

9.1CVSS5.3AI score0.00314EPSS
CVE
CVE
added 2026/02/03 6:29 p.m.16 views

CVE-2026-25237

CVE-2026-25237 affects the PEAR framework. Prior to version 1.33.0, handling of bug update emails using preg_replace() with the /e modifier can lead to PHP code execution when attacker-controlled content is evaluated. The issue has been fixed in PEAR version 1.33.0. Based on connected documents, ...

9.8CVSS6AI score0.00395EPSS
CVE
CVE
added 2026/02/03 6:31 p.m.15 views

CVE-2026-25241

PEAR (PHP) is affected by CVE-2026-25241. Prior to version 1.33.0, an unauthenticated SQL injection in the /get// endpoint allows remote attackers to inject and execute arbitrary SQL. The issue is mitigated by upgrading to version 1.33.0, where the vulnerability is patched. The available connecte...

9.8CVSS6.1AI score0.00413EPSS
Web
CVE
CVE
added 2026/02/03 6:29 p.m.13 views

CVE-2026-25236

CVE-2026-25236 affects the PEAR PHP framework. The vulnerability is a SQL injection risk in karma queries caused by unsafe literal substitution for an IN (...) list. Root cause: unsafe literal handling in Karma DAMBLAN-related queries prior to version 1.33.0. Impact: potential SQL injection. Miti...

9.8CVSS5.6AI score0.00266EPSS
CVE
CVE
added 2026/02/03 6:31 p.m.13 views

CVE-2026-25240

CVE-2026-25240 affects PEAR prior to 1.33.0 where a SQL injection can occur in user::maintains() when role filters are provided as an array and interpolated into an IN (...) clause. The issue has been patched in version 1.33.0. No exploitation details are provided in the documents. If applicable,...

9.8CVSS5.6AI score0.00266EPSS