CVE-2026-25239
BaseFortify
Publication date: 2026-02-03
Last updated on: 2026-02-05
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pear | pearweb | up to 1.33.0 (exclusive; 1.33.0 itself is not affected) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability is a SQL injection that allows an attacker to manipulate database queries, potentially compromising database integrity and security.
Such a compromise could lead to unauthorized access or modification of sensitive data, which may impact compliance with data protection regulations like GDPR and HIPAA that require safeguarding personal and health information.
However, the provided information does not explicitly discuss the direct effects of this vulnerability on compliance with these standards.
Can you explain this vulnerability to me?
CVE-2026-25239 is a critical SQL injection vulnerability in the pearweb project, specifically in the apidoc_queue insertion process. The vulnerability occurs because the SQL INSERT statement is constructed by directly concatenating a filename variable into the query without proper sanitization or escaping. This allows an attacker who can control the filename value to manipulate the SQL query, potentially executing arbitrary SQL commands.
How can this vulnerability impact me?
This vulnerability can allow an attacker to execute arbitrary SQL commands on the database. This can lead to compromising the integrity and security of the database, including unauthorized data access, data modification, or deletion.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by inspecting the source code for unsafe SQL query constructions involving the apidoc_queue insertion, specifically looking for concatenation of unsanitized filename variables into SQL statements.
On a system where the vulnerable PEAR version is installed, check the pearweb version to confirm whether it is prior to 1.33.0, which is vulnerable.
Since the vulnerability involves SQL injection via the filename variable, monitoring database logs for suspicious or malformed SQL queries involving the apidoc_queue table may help detect exploitation attempts.
- Check the installed pearweb version: `pear version`, or inspect the pearweb package version in your environment.
- Search the source code for unsafe SQL query concatenation patterns, e.g. `grep -rF "VALUES ('\" . \$file . \"'" include/`.
- Review database logs for unusual queries on the apidoc_queue table that include unexpected or malicious filename values. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the pearweb framework to version 1.33.0 or later, where this SQL injection vulnerability has been patched.
If upgrading immediately is not possible, apply input validation and sanitization on the filename variable before it is used in SQL queries to prevent injection.
Additionally, review and modify the code to use parameterized queries or prepared statements instead of directly concatenating variables into SQL commands.
Monitor your systems and database logs for any signs of exploitation attempts and restrict access to the vulnerable functionality where possible.
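The code-level fix recommended above, shown as an added illustration that is not pearweb's own code: the concatenated INSERT pattern the grep searches for, beside a version that validates the filename and binds it through a prepared statement. The use of PDO, the `filename` column, and the allow-list pattern are assumptions made for this example.

```php
<?php
// Added example, not pearweb's code. Assumes a PDO connection and an
// apidoc_queue table with a `filename` column (column name is an assumption).

// Vulnerable pattern: $file is spliced into the SQL text, so a quote
// character in the filename ends the string literal and the rest of the
// value is parsed as SQL by the database.
function queueApidocUnsafe(PDO $db, string $file): void
{
    $sql = "INSERT INTO apidoc_queue (filename) VALUES ('" . $file . "')";
    $db->exec($sql);
}

// Hardened version: reject anything outside a strict allow-list, then bind
// the value as a parameter so it is transmitted as data, never as SQL text.
function queueApidocSafe(PDO $db, string $file): void
{
    // Allow-list is an assumption: letters, digits, '_', '-', '.' only,
    // no path separators, and a bounded length.
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9_.-]{0,127}$/', $file)) {
        throw new InvalidArgumentException('Rejected filename for apidoc_queue');
    }
    $stmt = $db->prepare('INSERT INTO apidoc_queue (filename) VALUES (:filename)');
    $stmt->bindValue(':filename', $file, PDO::PARAM_STR);
    $stmt->execute();
}

// Stand-alone demonstration against an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE apidoc_queue (id INTEGER PRIMARY KEY, filename TEXT NOT NULL)');

queueApidocSafe($db, 'Example_Package-1.2.3.tgz');   // accepted, stored as data

try {
    queueApidocSafe($db, "bad name'.tgz");            // constructed input with a quote and a space
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;                   // rejected before any SQL is built
}

foreach ($db->query('SELECT filename FROM apidoc_queue') as $row) {
    echo 'queued: ', $row['filename'], PHP_EOL;       // only the validated name is present
}
```

Even with the allow-list in place, the prepared statement is the control that removes the injection class; the validation only narrows what reaches the database.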