CNNVD-202602-289 Information

CNNVD ID

CNNVD-202602-289

CVE-2026-25240

  • CNNVD Published: 2026-02-03

Description (Chinese)

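pearweb is an open-source PHP extension and application repository from PEAR. Versions of pearweb before 1.33.0 have a SQL injection vulnerability, which stems from the user::maintains function: SQL injection can occur when the role filter is supplied as an array and inserted into an IN clause.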

Description (English)

pearweb is PEAR's open-source repository for PHP extensions and applications. Versions of pearweb before 1.33.0 contain a SQL injection vulnerability: the user::maintains function is open to SQL injection when the role filter is supplied as an array and inserted into an IN clause.

Hazard Level

High

Vulnerability Type

SQL injection

Affected Vendor

PEAR

Published

2026-02-03

Last Modified

2026-02-24

References

https://github.com/pear/pearweb/security/advisories/GHSA-xw9g-5gr2-c44f
https://access.redhat.com/security/cve/cve-2026-25240

Patch

https://github.com/pear/pearweb/tags
