Add CVE-2026-25241 - PEAR pearweb Unauthenticated SQL Injection

[hevnsnt]

Template Overview

This template detects CVE-2026-25241, an unauthenticated SQL injection vulnerability in PEAR pearweb versions prior to 1.33.0.

Vulnerability Details

Product: PEAR pearweb
Affected Versions: < 1.33.0
Severity: Critical (CVSS 9.8)
CWE: CWE-89 (SQL Injection)

The /get/<package>/<version> endpoint does not properly sanitize the version parameter before including it in a SQL query. This allows remote, unauthenticated attackers to inject arbitrary SQL statements and potentially extract or modify database contents.

Detection Method

The template uses a time-based blind SQL injection technique, injecting a SLEEP(6) payload into the version parameter and measuring response delay to confirm the vulnerability without causing harm to the target.

References

• https://nvd.nist.gov/vuln/detail/CVE-2026-25241
• https://github.com/pear/pearweb

[theamanrawat]

Hi @hevnsnt,

Thank you so much for sharing this template with the community and contributing to this project 🍻

Does the endpoint /get/<package>/<version> require the package name to be exploited? You mentioned the package name as 'test' in the template, but this might not work for others because the package name can be different.

Do you have additional information to identify the package name?