Primary

Context

PEAR SQL Injection Vulnerability in apidoc Queue Insertion Prior to Version 1.33.0

Vulnerability

Patched

A SQL injection vulnerability has been identified in the PEAR framework, specifically in the apidoc queue insertion process, prior to version 1.33.0. This vulnerability allows for query manipulation if an attacker can control the inserted filename value. The issue arises because the insertion into the apidoc_queue is created by directly concatenating the filename into the SQL VALUES clause, enabling injection of malicious SQL if the filename is attacker-controlled.

Impact

Exploitation of this vulnerability allows for SQL injection, enabling attackers to manipulate database queries. This could lead to unauthorized data access, data modification, or in some cases, executing administrative operations on the database.

Remediation

Users can upgrade to PEAR version 1.33.0 or later to address this vulnerability.

Added: Feb 3, 2026, 7:31 PM

Updated: Feb 3, 2026, 7:31 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

5.2

remediation

0.0

relevance

2.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

5.2

remediation

0.0

relevance

2.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PEAR SQL Injection Vulnerability in apidoc Queue Insertion Prior to Version 1.33.0

Vulnerability

Impact

Remediation

Affected Products

PEAR

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating