CNNVD-202602-290 Information

CNNVD ID

CNNVD-202602-290

Related CVE

CVE-2026-25238

• CNNVD Published: 2026-02-03

Description (Chinese)

pearweb是PEAR开源的一个 PHP 扩展和应用程序存储库。 pearweb 1.33.0之前版本存在SQL注入漏洞，该漏洞源于错误订阅删除存在SQL注入漏洞，可能导致攻击者通过特制的电子邮件值注入SQL。

Description (English)

Pearweb is a PHP extension and application repository that is an open source for PEAR. There was an SQL injection loophole in the pre-pearweb 1.3.3.0 version, which arose from an erroneous subscription to delete an SQL injection loophole, which could lead to an attacker injecting SQL through a specially created e-mail value.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

PEAR

Published

2026-02-03

Last Modified

2026-02-24

References

https://github.com/pear/pearweb/security/advisories/GHSA-cv3c-27h5-7gmv https://access.redhat.com/security/cve/cve-2026-25238

Patch

https://github.com/pear/pearweb/tags