CNNVD-202602-293 Information

CNNVD ID

CNNVD-202602-293

Related CVE

CVE-2026-25235

• CNNVD Published: 2026-02-03

Description (Chinese)

pearweb是PEAR开源的一个 PHP 扩展和应用程序存储库。 pearweb1.33.0之前版本存在安全漏洞，该漏洞源于可预测的验证哈希，可能导致攻击者猜测验证令牌并可能未经授权验证选举账户请求。

Description (English)

Pearweb is a PHP extension and application repository that is an open source for PEAR. There was a security loophole in the pre-pearweb13.3.0, which originated from a predictable validation of Hashi, which could lead attackers to speculate about the authentication of the badge and possibly the unauthorized validation of the electoral account request.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

PEAR

Published

2026-02-03

Last Modified

2026-02-24

References

https://github.com/pear/pearweb/security/advisories/GHSA-477r-4cmw-3cgf https://access.redhat.com/security/cve/cve-2026-25235

Patch

https://github.com/pear/pearweb/tags