CVE-2026-3057 | a54552239 pearProjectApi up to 2.8.10 Backend Interface Task.php dateTotalForProject projectCode sql injection

A vulnerability, which was classified as critical, was found in a54552239 pearProjectApi up to 2.8.10. Affected is the function dateTotalForProject of the file application/common/Model/Task.php of the component Backend Interface. The manipulation of the argument projectCode results in sql injection.

This vulnerability is reported as CVE-2026-3057. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3057 | a54552239 pearProjectApi up to 2.8.10 Backend Interface Task.php dateTotalForProject projectCode sql injection

Post correlati

CVE-2024-40854 | Apple iOS/iPadOS initialization

CVE-2023-43547 | Qualcomm Snapdragon Automotive Multimedia memory corruption

CVE-2025-46804 | GNU screen File Existence Test information exposure

CVE-2024-1713 | plv8 3.2.1 Autovacuum status code (GHSA-r7m9-grw7-vcc4)