ГлавнаяУязвимости → CVE-2026-25235
7.5высокая

CVE-2026-25235

Описание

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0.

Затрагиваемое ПО
Pear Pearweb
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Источники
https://github.com/pear/pearweb/security/advisories/GHSA-477r-4cmw-3cgf