Описание
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, an unauthenticated SQL injection in the /get// endpoint allows remote attackers to execute arbitrary SQL via a crafted package version. This issue has been patched in version 1.33.0.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.33.0 (исключая)
cpe:2.3:a:pear:pearweb:*:*:*:*:*:*:*:*
EPSS
Процентиль: 24%
0.00081
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 9.8
ubuntu
4 дня назад
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, an unauthenticated SQL injection in the /get/<package>/<version> endpoint allows remote attackers to execute arbitrary SQL via a crafted package version. This issue has been patched in version 1.33.0.
CVSS3: 9.8
debian
4 дня назад
PEAR is a framework and distribution system for reusable PHP component ...
EPSS
Процентиль: 24%
0.00081
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89