Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PEAR is Vulnerable to SQL Injection in /get/<package>/<version> Endpoint
Vulnerability Description
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, an unauthenticated SQL injection in the /get/<package>/<version> endpoint allows remote attackers to execute arbitrary SQL via a crafted package version. This issue has been patched in version 1.33.0.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
pearweb SQL注入漏洞
Vulnerability Description
pearweb是PEAR开源的一个 PHP 扩展和应用程序存储库。 pearweb 1.33.0之前版本存在SQL注入漏洞,该漏洞源于/get/<package>/<version>端点存在未经身份验证的SQL注入漏洞,可能导致远程攻击者通过特制的软件包版本执行任意SQL。
CVSS Information
N/A
Vulnerability Type
N/A