CVE-2026-25241
BaseFortify
Publication date: 2026-02-03
Last updated on: 2026-02-05
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pear | pearweb | to 1.33.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-25241 is a critical unauthenticated SQL injection vulnerability in the PEAR framework, specifically in the /get/<package>/<version> endpoint of the pearweb project. Before version 1.33.0, the application improperly handles the <version> path segment by directly inserting it into SQL queries without proper sanitization or parameterization. This allows remote attackers to inject arbitrary SQL commands by crafting malicious package version inputs, potentially compromising the backend database.
How can this vulnerability impact me? :
This vulnerability allows remote, unauthenticated attackers to execute arbitrary SQL commands on the backend database. The impact is severe because attackers can manipulate or retrieve sensitive data, modify database contents, or potentially gain further access to the system. Since no authentication is required, the attack surface is broad, increasing the risk of data breaches or system compromise.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring and testing the /get/<package>/<version> endpoint for SQL injection attempts, specifically by sending crafted requests with malicious package version inputs to observe if the backend executes unintended SQL commands.'}, {'type': 'paragraph', 'content': 'Since the vulnerability involves SQL injection via the <version> path segment, you can use tools like curl or specialized web vulnerability scanners to send payloads designed to trigger SQL errors or extract database information.'}, {'type': 'list_item', 'content': 'Example curl command to test for SQL injection: curl -v "http://your-pearweb-server/get/somepackage/\' OR \'1\'=\'1"'}, {'type': 'list_item', 'content': 'Use automated scanners such as sqlmap targeting the vulnerable endpoint: sqlmap -u "http://your-pearweb-server/get/somepackage/1.0" --path "/get/somepackage/1.0" --batch'}, {'type': 'paragraph', 'content': 'Look for unusual database errors or unexpected responses in server logs when sending such crafted requests.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate and most effective mitigation is to upgrade the pearweb installation to version 1.33.0 or later, where this SQL injection vulnerability has been patched.
Until the upgrade can be performed, restrict access to the /get/<package>/<version> endpoint by implementing firewall rules or web application firewall (WAF) rules to block suspicious or malformed requests targeting this endpoint.
Monitor logs for suspicious activity and consider disabling or limiting the functionality of the vulnerable endpoint if possible.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know