CVE-2022-31631

Critical CVSS: 9.1

In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.

Vendor

Php

Product

Php

CWE

CWE-74

Yayın Tarihi

2025-02-12 22:15:29

Güncelleme

2025-07-02 21:35:56

Source Identifier

security@php.net

KEV Date Added

Kategoriler

CWE-74 Php CRITICAL Php 2025

Referanslar

https://bugs.php.net/bug.php?id=81740 https://security.netapp.com/advisory/ntap-20230223-0007/ https://bugs.php.net/bug.php?id=81740

Benzer Kayıtlar

High

CVE-2026-24894

FrankenPHP is a modern application server for PHP. Prior to 1.11.2, when running FrankenPHP in worker mode, the $_SESSIO…

High

CVE-2026-24895

FrankenPHP is a modern application server for PHP. Prior to 1.11.2, FrankenPHP’s CGI path splitting logic improperly han…

Medium

CVE-2025-14177

In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1,…

Medium

CVE-2025-14178

In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1,…

High

CVE-2025-14180

In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 w…

Low

CVE-2025-1220

In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like f…