CNNVD-202602-288 Information

CNNVD ID

CNNVD-202602-288

Related CVE

CVE-2026-25241

• CNNVD Published: 2026-02-03

Description (Chinese)

pearweb是PEAR开源的一个 PHP 扩展和应用程序存储库。 pearweb 1.33.0之前版本存在SQL注入漏洞，该漏洞源于/get//端点存在未经身份验证的SQL注入漏洞，可能导致远程攻击者通过特制的软件包版本执行任意SQL。

Description (English)

Pearweb is a PHP extension and application repository that is an open source for PEAR. Prior to pearweb 1.3.3.0, there was an injection loophole in SQL, which arose from an unidentified SQL at the end of /get//, which could lead to remote assailants implementing any SQL through specially designed software package versions.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

PEAR

Published

2026-02-03

Last Modified

2026-02-24

References

https://github.com/pear/pearweb/security/advisories/GHSA-63fv-vpq5-gv8p https://access.redhat.com/security/cve/cve-2026-25241

Patch

https://github.com/pear/pearweb/tags