Skip to main content

Pearweb

11 CVEs product

Monthly

CVE-2026-25241 CRITICAL Act Now

PEAR PHP framework has a seventh SQL injection with higher EPSS (0.12%), indicating more active scanning for this particular injection vector.

PHP SQLi Pearweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25240 CRITICAL Act Now

PEAR PHP framework has another SQL injection vulnerability prior to version 1.33.0, the sixth in a series of critical security flaws in the PHP component distribution system.

PHP SQLi Pearweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-25239 HIGH This Week

SQL injection in PEAR's apidoc queue insertion allows unauthenticated remote attackers to manipulate database queries by controlling filename values, enabling unauthorized data modification. PEAR versions before 1.33.0 are affected, and no patch is currently available for affected deployments.

PHP SQLi Pearweb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-25238 CRITICAL Act Now

PEAR PHP framework prior to 1.33.0 has a fifth SQL injection vulnerability, part of a comprehensive security audit that found multiple injection points across the framework.

PHP SQLi Pearweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-25237 CRITICAL Act Now

PEAR PHP framework has a code execution vulnerability through unsafe use of preg_replace() that allows attackers to execute arbitrary PHP code.

PHP Pearweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-25236 CRITICAL Act Now

PEAR PHP framework has a second SQL injection vulnerability in a different code path, providing an alternate database compromise vector.

PHP SQLi Pearweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-25235 HIGH This Week

Pearweb versions up to 1.33.0 contains a vulnerability that allows attackers to guess verification tokens and potentially verify election account requests witho (CVSS 7.5).

PHP Pearweb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-25234 CRITICAL Act Now

PEAR PHP framework prior to 1.33.0 has a SQL injection vulnerability allowing attackers to extract data from the component distribution database.

PHP SQLi Pearweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-25233 CRITICAL Act Now

PEAR PHP framework prior to 1.33.0 has a logic bug in the roadmap feature allowing unauthorized access through incorrect operator comparison.

PHP Pearweb
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2022-27158 CRITICAL PATCH Act Now

pearweb < 1.32 suffers from Deserialization of Untrusted Data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Deserialization Pearweb
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-27157 CRITICAL PATCH Act Now

pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Pearweb
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
EPSS 0% CVSS 9.8
CRITICAL Act Now

PEAR PHP framework has a seventh SQL injection with higher EPSS (0.12%), indicating more active scanning for this particular injection vector.

PHP SQLi Pearweb
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

PEAR PHP framework has another SQL injection vulnerability prior to version 1.33.0, the sixth in a series of critical security flaws in the PHP component distribution system.

PHP SQLi Pearweb
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

SQL injection in PEAR's apidoc queue insertion allows unauthenticated remote attackers to manipulate database queries by controlling filename values, enabling unauthorized data modification. PEAR versions before 1.33.0 are affected, and no patch is currently available for affected deployments.

PHP SQLi Pearweb
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

PEAR PHP framework prior to 1.33.0 has a fifth SQL injection vulnerability, part of a comprehensive security audit that found multiple injection points across the framework.

PHP SQLi Pearweb
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

PEAR PHP framework has a code execution vulnerability through unsafe use of preg_replace() that allows attackers to execute arbitrary PHP code.

PHP Pearweb
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

PEAR PHP framework has a second SQL injection vulnerability in a different code path, providing an alternate database compromise vector.

PHP SQLi Pearweb
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Pearweb versions up to 1.33.0 contains a vulnerability that allows attackers to guess verification tokens and potentially verify election account requests witho (CVSS 7.5).

PHP Pearweb
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

PEAR PHP framework prior to 1.33.0 has a SQL injection vulnerability allowing attackers to extract data from the component distribution database.

PHP SQLi Pearweb
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

PEAR PHP framework prior to 1.33.0 has a logic bug in the roadmap feature allowing unauthorized access through incorrect operator comparison.

PHP Pearweb
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

pearweb < 1.32 suffers from Deserialization of Untrusted Data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Deserialization Pearweb
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Pearweb
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy