Deserialization Vulnerability in pearweb by PEAR
CVE-2022-27158

9.8CRITICAL

Key Information:

Vendor: PHP
Status: Pearweb
Vendor: CVE Published:; 15 April 2022

What is CVE-2022-27158?

The pearweb product by PEAR is susceptible to a deserialization vulnerability, where untrusted data can be processed by the application, potentially leading to unauthorized access or manipulation. This flaw, present in versions prior to 1.32, poses significant security risks, allowing attackers to exploit the application’s data handling procedures.

References

https://github.com/pear/pearweb/commit/6447c174a6b4bd76d2...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2022
Vulnerability Reserved
Mar 14, 2022

PHP

What is CVE-2022-27158?

References

CVSS V3.1

Timeline