CVE-2022-31631
CVSS 3.1 Score 9.1 of 10 (high)
Details
Published Feb 12, 2025
Updated: Feb 13, 2025
CWE ID 74
Summary
CVE-2022-31631 is a vulnerability affecting PHP versions 8.0.*, 8.1.*, and 8.2.* before specific patches. This issue arises when using the PDO::quote() function to sanitize user-supplied data for SQLite databases. If an abnormally long string is provided, the driver misinterprets the data, potentially leading to SQL injection vulnerabilities. This flaw may allow unauthorized access, modification, or disclosure of sensitive data. Users are advised to update their PHP installations to the respective patched versions as soon as possible.
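As a defensive illustration of the summary above (an added example, not code from the PHP project or this advisory): the first function avoids PDO::quote() entirely by binding the value, and the second shows a guarded wrapper for legacy code that still builds SQL strings. The `users` table, the `MAX_INPUT_BYTES` limit and the function names are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Hypothetical cap for this example; choose a limit that fits the column.
const MAX_INPUT_BYTES = 4096;

/**
 * Looks up a user by name with a bound parameter, so the value is never
 * spliced into the SQL text and PDO::quote() is not involved at all.
 */
function findUserByName(PDO $db, string $name): ?array
{
    if (strlen($name) > MAX_INPUT_BYTES) {
        throw new InvalidArgumentException('name exceeds maximum length');
    }
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/**
 * For legacy code that must keep building SQL strings: cap the length
 * first and refuse any result that is not a quoted string literal.
 */
function quoteOrFail(PDO $db, string $value): string
{
    if (strlen($value) > MAX_INPUT_BYTES) {
        throw new InvalidArgumentException('value exceeds maximum length');
    }
    $quoted = $db->quote($value); // documented return type is string|false
    if (!is_string($quoted) || strlen($quoted) < 2
        || $quoted[0] !== "'" || substr($quoted, -1) !== "'") {
        throw new RuntimeException('PDO::quote() did not return a quoted literal');
    }
    return $quoted;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice')");

var_dump(findUserByName($db, 'alice'));            // ordinary lookup
var_dump(findUserByName($db, "alice' OR '1'='1")); // bound as data, not SQL
echo quoteOrFail($db, "O'Brien"), PHP_EOL;         // legacy path with checks
```

The length cap and return-value check are hardening for code that cannot be migrated immediately; updating PHP to a patched release remains the fix the advisory calls for.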
Affected Products
- PHP: Hypertext Preprocessor
Affected Vendors
- Php