📦 Pearweb

A SQL injection vulnerability in PEAR's bug subscription deletion feature allows attackers to execute arbitrary SQL commands by manipulating email values. This affects all PEAR installations prior to ...

This SQL injection vulnerability in PEAR's user::maintains() function allows attackers to execute arbitrary SQL commands when role filters are provided as arrays. It affects all PEAR installations pri...

This CVE describes an unauthenticated SQL injection vulnerability in PEAR's package retrieval endpoint. Attackers can execute arbitrary SQL commands by sending specially crafted package version parame...

This CVE describes a SQL injection vulnerability in PEAR, a PHP component framework, where unsafe literal substitution in karma queries allows attackers to inject malicious SQL. Systems using PEAR ver...

This vulnerability in PEAR (PHP Extension and Application Repository) allows remote code execution when attacker-controlled content reaches the preg_replace() function with the /e modifier in bug upda...

This SQL injection vulnerability in PEAR's category deletion function allows attackers with category manager access to execute arbitrary SQL commands. It affects PEAR installations prior to version 1....

This vulnerability in PEAR (PHP Extension and Application Repository) allows non-lead maintainers to create, update, or delete roadmaps due to a logic bug in role checking. It affects PEAR web applica...

This SQL injection vulnerability in PEAR's apidoc queue insertion allows attackers to manipulate database queries by controlling filename values. It affects PEAR installations prior to version 1.33.0....

This vulnerability in PEAR (PHP Extension and Application Repository) allows attackers to guess verification tokens due to predictable hashes, potentially enabling unauthorized verification of electio...