CNNVD-202602-291 Information

CNNVD ID

CNNVD-202602-291

Related CVE

CVE-2026-25239

• CNNVD Published: 2026-02-03

Description (Chinese)

pearweb是PEAR开源的一个 PHP 扩展和应用程序存储库。 pearweb 1.33.0之前版本存在SQL注入漏洞，该漏洞源于apidoc队列插入存在SQL注入漏洞，可能导致攻击者影响插入的文件名值以操纵查询。

Description (English)

Pearweb is a PHP extension and application repository that is an open source for PEAR. There is an injection loophole in SQL prior to pearweb 1.33.0, which stems from the introduction of SQL in the apidoc queue, which could lead to the aggressor influencing the inserted file name to manipulate the query.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

PEAR

Published

2026-02-03

Last Modified

2026-02-24

References

https://github.com/pear/pearweb/security/advisories/GHSA-f9mg-x463-3vxg https://access.redhat.com/security/cve/cve-2026-25239

Patch

https://github.com/pear/pearweb/tags