VYPR

Pear

by Pear

CVEs (13)

  • CVE-2007-2519May 22, 2007
    risk 0.04cvss epss 0.07

    Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the (2) as attribute in the…

  • CVE-2026-25241Feb 3, 2026
    risk 0.00cvss epss 0.00

    PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, an unauthenticated SQL injection in the /get// endpoint allows remote attackers to execute arbitrary SQL via a crafted package version. This issue has been patched…

  • CVE-2026-25240Feb 3, 2026
    risk 0.00cvss epss 0.00

    PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability can occur in user::maintains() when role filters are provided as an array and interpolated into an IN (...) clause. This issue has been patched in…

  • CVE-2026-25239Feb 3, 2026
    risk 0.00cvss epss 0.00

    PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in apidoc queue insertion can allow query manipulation if an attacker can influence the inserted filename value. This issue has been patched in version…

  • CVE-2026-25238Feb 3, 2026
    risk 0.00cvss epss 0.00

    PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in bug subscription deletion may allow attackers to inject SQL via a crafted email value. This issue has been patched in version 1.33.0.

  • CVE-2026-25237Feb 3, 2026
    risk 0.00cvss epss 0.00

    PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of preg_replace() with the /e modifier in bug update email handling can enable PHP code execution if attacker-controlled content reaches the evaluated replacement. This issue…

  • CVE-2026-25236Feb 3, 2026
    risk 0.00cvss epss 0.00

    PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN (...) list. This issue has been patched in version 1.33.0.

  • CVE-2026-25234Feb 3, 2026
    risk 0.00cvss epss 0.00

    PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in category deletion can allow an attacker with access to the category manager workflow to inject SQL via a category id. This issue has been patched in…

  • CVE-2011-1144Mar 3, 2011
    risk 0.00cvss epss 0.00

    The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories. NOTE: this vulnerability exists because of…

  • CVE-2011-1072Mar 3, 2011
    risk 0.00cvss epss 0.00

    The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the (1) download_dir, (2) cache_dir, (3) tmp_dir, and (4) pear-build-download directories, a different vulnerability than CVE-2007-2519.

  • CVE-2009-4025Nov 29, 2009
    risk 0.00cvss epss 0.06

    Argument injection vulnerability in the traceroute function in Traceroute.php in the Net_Traceroute package before 0.21.2 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: some of these details are obtained from third party…

  • CVE-2009-4024Nov 29, 2009
    risk 0.00cvss epss 0.06

    Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem.

  • CVE-2009-4023Nov 29, 2009
    risk 0.00cvss epss 0.02

    Argument injection vulnerability in the sendmail implementation of the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted $from parameter, a different vector than CVE-2009-4111.