Unrated severityOSV Advisory· Published Feb 3, 2026· Updated Feb 4, 2026
PEAR is Vulnerable to SQL Injection in Category Deletion
CVE-2026-25234
Description
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in category deletion can allow an attacker with access to the category manager workflow to inject SQL via a category id. This issue has been patched in version 1.33.0.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- github.com/pear/pearweb/security/advisories/GHSA-q28j-3p7r-6722mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.