Approved changes feed: RSS · Atom
cpe:2.3:a:pear:pearweb:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Pear (202938b0-7fb8-5241-8587-372df9c20f96) |
|---|---|
| Product | Pearweb (97cdfb17-f5df-54f3-944a-8dff0a9833df) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/pear/pearweb |
purl2cpe | 2026-06-01 10:10:56.195735 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-25241 |
vulnerable | 2026-06-08 07:53:19.540122 |
PEAR is Vulnerable to SQL Injection in /get/<package>/<version> Endpoint
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, an unauthenticated SQL injection in the /get/<package>/<version> endpoint allows remote attackers to execute arbitrary SQL via a crafted package version. This issue has been patched in version 1.33.0.
Published: 2026-02-03T18:31:17.010Z
Updated: 2026-02-04T21:18:41.250Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-25240 |
vulnerable | 2026-06-08 07:53:19.539767 |
PEAR is Vulnerable to SQL Injection in user::maintains() Role IN() Filter
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability can occur in user::maintains() when role filters are provided as an array and interpolated into an IN (...) clause. This issue has been patched in version 1.33.0.
Published: 2026-02-03T18:31:01.103Z
Updated: 2026-02-04T21:17:16.583Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-25239 |
vulnerable | 2026-06-08 07:53:19.539534 |
PEAR is Vulnerable to SQL Injection in apidoc_queue Insert via Unescaped Filename
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in apidoc queue insertion can allow query manipulation if an attacker can influence the inserted filename value. This issue has been patched in version 1.33.0.
Published: 2026-02-03T18:30:53.704Z
Updated: 2026-02-04T21:16:47.763Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-25238 |
vulnerable | 2026-06-08 07:53:19.539276 |
PEAR is Vulnerable to SQL Injection in Bug Subscription Deletion via Weak Email Validation
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in bug subscription deletion may allow attackers to inject SQL via a crafted email value. This issue has been patched in version 1.33.0.
Published: 2026-02-03T18:30:14.305Z
Updated: 2026-02-04T21:16:19.309Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-25237 |
vulnerable | 2026-06-08 07:53:19.538936 |
PEAR is Vulnerable to PHP Code Execution via preg_replace /e in Bug Update Emails
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of preg_replace() with the /e modifier in bug update email handling can enable PHP code execution if attacker-controlled content reaches the evaluated replacement. This issue has been patched in version 1.33.0.
Published: 2026-02-03T18:29:54.001Z
Updated: 2026-02-04T20:21:50.253Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-25236 |
vulnerable | 2026-06-08 07:53:19.538654 |
PEAR is Vulnerable to SQL Injection in Damblan_Karma IN() Query via Literal Substitution
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN (...) list. This issue has been patched in version 1.33.0.
Published: 2026-02-03T18:29:46.866Z
Updated: 2026-02-04T20:34:31.656Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-25235 |
vulnerable | 2026-06-08 07:53:19.538284 |
PEAR Has a Predictable Verification Hash in Election Account Requests
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0.
Published: 2026-02-03T18:29:39.698Z
Updated: 2026-02-04T20:34:59.115Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-25234 |
vulnerable | 2026-06-08 07:53:19.537861 |
PEAR is Vulnerable to SQL Injection in Category Deletion
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in category deletion can allow an attacker with access to the category manager workflow to inject SQL via a category id. This issue has been patched in version 1.33.0.
Published: 2026-02-03T18:29:19.724Z
Updated: 2026-02-04T21:15:38.932Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-25233 |
vulnerable | 2026-06-08 07:53:19.537383 |
PEAR Has a Roadmap Authorization Bypass via Operator Precedence Bug
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, logic bug in the roadmap role check allows non-lead maintainers to create, update, or delete roadmaps. This issue has been patched in version 1.33.0.
Published: 2026-02-03T18:29:13.336Z
Updated: 2026-02-04T21:14:41.218Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.