VYPR
Unrated severityOSV Advisory· Published Feb 3, 2026· Updated Feb 4, 2026

PEAR is Vulnerable to SQL Injection in apidoc_queue Insert via Unescaped Filename

CVE-2026-25239

Description

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in apidoc queue insertion can allow query manipulation if an attacker can influence the inserted filename value. This issue has been patched in version 1.33.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Range: pearweb-1.26.1, pearweb-1.28.1, pearweb-1.29.0, …
  • Pear/Pearllm-fuzzy
    Range: <1.33.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.