Primary

Context

PEAR SQL Injection Vulnerability in Bug Subscription Deletion Prior to Version 1.33.0

Vulnerability

Patched

A SQL injection vulnerability has been identified in PEAR, a framework for reusable PHP components, prior to version 1.33.0. The issue arises in the bug subscription deletion process, where weak email validation allows attackers to inject SQL through a crafted email value. The vulnerability exists because the email validation regex is unanchored, permitting the inclusion of valid-looking email substrings that can disrupt the SQL query execution.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate SQL queries to potentially access, modify, or delete database information.

Remediation

Users can upgrade to PEAR version 1.33.0 or later to address this vulnerability.

Added: Feb 3, 2026, 7:32 PM

Updated: Feb 3, 2026, 7:32 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

7.4

remediation

0.0

relevance

2.5

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

7.4

remediation

0.0

relevance

2.5

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PEAR SQL Injection Vulnerability in Bug Subscription Deletion Prior to Version 1.33.0

Vulnerability

Impact

Remediation

Affected Products

PEAR

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating