ГлавнаяУязвимости → CVE-2026-25236
9.8критическая

CVE-2026-25236

Описание

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN (...) list. This issue has been patched in version 1.33.0.

Затрагиваемое ПО
Pear Pearweb
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/pear/pearweb/security/advisories/GHSA-95mc-p966-c29f