CNNVD-202602-292 Information

CNNVD ID

CNNVD-202602-292

Related CVE

CVE-2026-25237

• CNNVD Published: 2026-02-03

Description (Chinese)

pearweb是PEAR开源的一个 PHP 扩展和应用程序存储库。 pearweb 1.33.0之前版本存在安全漏洞，该漏洞源于在错误更新电子邮件处理中使用带/e修饰符的preg_replace函数，可能导致PHP代码执行。

Description (English)

Pearweb is a PHP extension and application repository that is an open source for PEAR. There is a security loophole in the pre-pearweb 1.3.3.0 version, which stems from the preg replace function, which uses a preg replace with a/e modifier in the wrong update of e-mail processing, which may lead to PHP code execution.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

PEAR

Published

2026-02-03

Last Modified

2026-02-24

References

https://github.com/pear/pearweb/security/advisories/GHSA-vhw6-hqh9-8r23 https://access.redhat.com/security/cve/cve-2026-25237

Patch

https://github.com/pear/pearweb/tags