CNNVD-202602-295 Information

CNNVD ID

CNNVD-202602-295

Related CVE

CVE-2026-25234

• CNNVD Published: 2026-02-03

Description (Chinese)

pearweb是PEAR开源的一个 PHP 扩展和应用程序存储库。 pearweb 1.33.0之前版本存在SQL注入漏洞，该漏洞源于类别删除存在SQL注入漏洞，可能导致攻击者通过类别ID注入SQL。

Description (English)

Pearweb is a PHP extension and application repository that is an open source for PEAR. There was an SQL injection loophole in the pre-Pearweb 1.33.0 version, which originated from the category deletion of the SQL injection gap, which could lead to an attacker injecting SQL through Category ID.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

PEAR

Published

2026-02-03

Last Modified

2026-02-24

References

https://github.com/pear/pearweb/security/advisories/GHSA-q28j-3p7r-6722 https://access.redhat.com/security/cve/cve-2026-25234

Patch

https://github.com/pear/pearweb/tags