CVE-2026-3057

Name of the Vulnerable Software and Affected Versions a54552239 pearProjectApi versions up to 2.8.10

Description A security flaw exists in a54552239 pearProjectApi. The dateTotalForProject function within the application/common/Model/Task.php file of the Backend Interface component is susceptible to SQL injection due to manipulation of the projectCode argument. This issue can be exploited remotely. The exploit is publicly available. The vendor was notified but did not respond.

Recommendations Versions prior to 2.8.10 are recommended. As a temporary workaround, consider restricting access to the dateTotalForProject function until a patch is available.