Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

pear — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting pear. AI-powered Chinese analysis, POCs, and references for each vulnerability.

PEAR is a PHP extension and application distribution system that provides reusable components for web development. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and insecure deserialization. Notable incidents include multiple RCE flaws in package management systems and a 2017 supply chain attack where malicious code was introduced through the PEAR installer. Despite these issues, PEAR remains widely used in legacy PHP environments, requiring careful dependency management and regular updates to mitigate risks associated with its 9 documented CVEs.

Top products by pear: pearweb
CVE IDTitleCVSSSeverityPublished
CVE-2026-25241 PEAR is Vulnerable to SQL Injection in /get/<package>/<version> Endpoint — pearwebCWE-89 9.8AICriticalAI2026-02-03
CVE-2026-25240 PEAR is Vulnerable to SQL Injection in user::maintains() Role IN() Filter — pearwebCWE-89 8.8AIHighAI2026-02-03
CVE-2026-25239 PEAR is Vulnerable to SQL Injection in apidoc_queue Insert via Unescaped Filename — pearwebCWE-89 9.1AICriticalAI2026-02-03
CVE-2026-25238 PEAR is Vulnerable to SQL Injection in Bug Subscription Deletion via Weak Email Validation — pearwebCWE-89 9.8AICriticalAI2026-02-03
CVE-2026-25237 PEAR is Vulnerable to PHP Code Execution via preg_replace /e in Bug Update Emails — pearwebCWE-624 9.8AICriticalAI2026-02-03
CVE-2026-25236 PEAR is Vulnerable to SQL Injection in Damblan_Karma IN() Query via Literal Substitution — pearwebCWE-89 9.8AICriticalAI2026-02-03
CVE-2026-25235 PEAR Has a Predictable Verification Hash in Election Account Requests — pearwebCWE-337 9.1AICriticalAI2026-02-03
CVE-2026-25234 PEAR is Vulnerable to SQL Injection in Category Deletion — pearwebCWE-89 8.8AIHighAI2026-02-03
CVE-2026-25233 PEAR Has a Roadmap Authorization Bypass via Operator Precedence Bug — pearwebCWE-783 5.4AIMediumAI2026-02-03

This page lists every published CVE security advisory associated with pear. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.