CVE-2026-25239

7.5 HIGH

📋 TL;DR

This SQL injection vulnerability in PEAR's apidoc queue insertion allows attackers to manipulate database queries by controlling filename values. It affects PEAR installations prior to version 1.33.0. Attackers could potentially execute arbitrary SQL commands against the database.

💻 Affected Systems

Products:
  • PEAR (PHP Extension and Application Repository)
Versions: All versions prior to 1.33.0
Operating Systems: All operating systems running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Exploitation requires that the attacker can influence the filename parameter used by the apidoc queue insertion functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise allowing data theft, modification, or deletion, and potential remote code execution through database functions.

🟠 Likely Case

Data extraction from the database, including potentially sensitive information stored in PEAR-related tables.

🟢 If Mitigated

Limited impact if proper input validation and database permissions are already in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires the ability to influence the filename parameter, which may require some level of access or the use of specific functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.33.0

Vendor Advisory: https://github.com/pear/pearweb/security/advisories/GHSA-f9mg-x463-3vxg

Restart Required: No

Instructions:

1. Update PEAR to version 1.33.0 or later using: pear upgrade pear
2. Verify installation with: pear version
3. Test apidoc functionality to ensure proper operation.

🔧 Temporary Workarounds

Input Validation Enhancement (all)

Implement strict input validation for filename parameters in custom code using PEAR's apidoc functionality.

Database Permission Restriction (all)

Limit database user permissions to only necessary operations to reduce potential impact.
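The two workarounds above, shown together as an added illustration that is not pearweb's code: a hypothetical queue-insert routine in its vulnerable form (filename concatenated into the SQL text) beside a hardened form that allow-list validates the filename and binds it with a PDO prepared statement. The table name, function names and sample filenames are assumptions; an in-memory SQLite database stands in for the real one.

```php
<?php
// Added illustration, not pearweb's code. The apidoc_queue table, the function
// names and the sample filenames are constructed for this example.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE apidoc_queue (id INTEGER PRIMARY KEY, filename TEXT NOT NULL)');

// Hypothetical vulnerable form: the filename is spliced into the SQL text,
// so any quote or SQL metacharacter in it changes the statement's structure.
function enqueueUnsafe(PDO $db, string $filename): void
{
    $db->exec("INSERT INTO apidoc_queue (filename) VALUES ('$filename')");
}

// Hardened form, step 1: accept only names that match the shape an apidoc
// filename should have (an allow-list, not a blocklist of "bad" characters).
function isValidApidocFilename(string $filename): bool
{
    return (bool) preg_match('/\A[A-Za-z0-9_.-]{1,128}\z/', $filename)
        && strpos($filename, '..') === false;
}

// Hardened form, step 2: bind the value as a parameter so the database driver
// never parses it as SQL, whatever characters it contains.
function enqueueSafe(PDO $db, string $filename): int
{
    if (!isValidApidocFilename($filename)) {
        throw new InvalidArgumentException("rejected apidoc filename: $filename");
    }
    $stmt = $db->prepare('INSERT INTO apidoc_queue (filename) VALUES (:filename)');
    $stmt->execute([':filename' => $filename]);
    return (int) $db->lastInsertId();
}

// Constructed inputs: a name carrying a single quote, and a well-formed name.
$hostile = "Foo'.php";
try {
    enqueueUnsafe($db, $hostile);   // the unbalanced quote breaks the statement
} catch (PDOException $e) {
    echo 'unsafe insert failed: ', $e->getMessage(), PHP_EOL;
}
try {
    enqueueSafe($db, $hostile);     // rejected by validation before any SQL runs
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
enqueueSafe($db, 'Net_Foo.php');
echo 'queued rows: ', $db->query('SELECT COUNT(*) FROM apidoc_queue')->fetchColumn(), PHP_EOL;
```

The validation step is the workaround when the code cannot be patched; the prepared statement is what actually removes the injection, so keep both when updating custom code that feeds the queue.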

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block SQL injection patterns
  • Disable or restrict access to apidoc functionality if not required

🔍 How to Verify

Check if Vulnerable:

Check the installed PEAR version with: pear version | grep 'PEAR Version'

Verify Fix Applied:

Confirm the reported version is 1.33.0 or higher with: pear version

📡 Detection & Monitoring

Log Indicators:

  • Unusual database queries from PEAR processes
  • Multiple failed SQL queries with malformed filenames
  • Database error logs showing SQL syntax errors

Network Indicators:

  • Unusual patterns in API calls to PEAR apidoc endpoints

SIEM Query:

source="pear_logs" AND ("SQL syntax" OR "database error" OR "unexpected filename")
