CNNVD-202602-294 Information
Feb 03, 2026
cve
CNNVD ID
CNNVD-202602-294
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
pearweb是PEAR开源的一个 PHP 扩展和应用程序存储库。 pearweb 1.33.0之前版本存在SQL注入漏洞,该漏洞源于因果点查询中对IN列表的不安全字面替换,存在SQL注入风险。
Description (English)
Pearweb is a PHP extension and application repository that is an open source for PEAR. There is an SQL injection loophole in the pre-Pearweb 1.33.0 version, which stems from the unsafe textual replacement of the IN list in the causal point query and the risk of SQL injection.
Hazard Level
High
Vulnerability Type
SQL注入
Affected Vendor
PEAR
Published
2026-02-03
Last Modified
2026-02-24
References
https://github.com/pear/pearweb/security/advisories/GHSA-95mc-p966-c29f https://access.redhat.com/security/cve/cve-2026-25236
Patch
https://github.com/pear/pearweb/tags
Share on: