Multiple unspecified injection vulnerabilities in unspecified Auth Container back ends for PEAR::Auth before 1.2.4, and 1.3.x before 1.3.0r4, allow remote attackers to "falsify authentication credentials," related to the "underlying storage containers."
| Score | Percentile |
|---|---|
| 2.31% | 84.50% |
No CVSS scores in this advisory.
| Type | Value |
|---|---|
| GHSA | GHSA-76rh-xv36-9mrc ↗ |
| CVE | CVE-2006-0868 ↗ |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| composer | pear/auth | < 1.2.4 | 1.2.4 | — |
| composer | pear/auth | >= 1.3.0r1, < 1.3.0r4 | 1.3.0r4 | — |