Pearweb
Monthly
PEAR PHP framework has a seventh SQL injection with higher EPSS (0.12%), indicating more active scanning for this particular injection vector.
PEAR PHP framework has another SQL injection vulnerability prior to version 1.33.0, the sixth in a series of critical security flaws in the PHP component distribution system.
SQL injection in PEAR's apidoc queue insertion allows unauthenticated remote attackers to manipulate database queries by controlling filename values, enabling unauthorized data modification. PEAR versions before 1.33.0 are affected, and no patch is currently available for affected deployments.
PEAR PHP framework prior to 1.33.0 has a fifth SQL injection vulnerability, part of a comprehensive security audit that found multiple injection points across the framework.
PEAR PHP framework has a code execution vulnerability through unsafe use of preg_replace() that allows attackers to execute arbitrary PHP code.
PEAR PHP framework has a second SQL injection vulnerability in a different code path, providing an alternate database compromise vector.
Pearweb versions up to 1.33.0 contains a vulnerability that allows attackers to guess verification tokens and potentially verify election account requests witho (CVSS 7.5).
PEAR PHP framework prior to 1.33.0 has a SQL injection vulnerability allowing attackers to extract data from the component distribution database.
PEAR PHP framework prior to 1.33.0 has a logic bug in the roadmap feature allowing unauthorized access through incorrect operator comparison.
PEAR PHP framework has a seventh SQL injection with higher EPSS (0.12%), indicating more active scanning for this particular injection vector.
PEAR PHP framework has another SQL injection vulnerability prior to version 1.33.0, the sixth in a series of critical security flaws in the PHP component distribution system.
SQL injection in PEAR's apidoc queue insertion allows unauthenticated remote attackers to manipulate database queries by controlling filename values, enabling unauthorized data modification. PEAR versions before 1.33.0 are affected, and no patch is currently available for affected deployments.
PEAR PHP framework prior to 1.33.0 has a fifth SQL injection vulnerability, part of a comprehensive security audit that found multiple injection points across the framework.
PEAR PHP framework has a code execution vulnerability through unsafe use of preg_replace() that allows attackers to execute arbitrary PHP code.
PEAR PHP framework has a second SQL injection vulnerability in a different code path, providing an alternate database compromise vector.
Pearweb versions up to 1.33.0 contains a vulnerability that allows attackers to guess verification tokens and potentially verify election account requests witho (CVSS 7.5).
PEAR PHP framework prior to 1.33.0 has a SQL injection vulnerability allowing attackers to extract data from the component distribution database.
PEAR PHP framework prior to 1.33.0 has a logic bug in the roadmap feature allowing unauthorized access through incorrect operator comparison.