CVE-2022-31631
CVSS V2 None
CVSS V3 None
Description
In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.
Overview
- CVE ID
- CVE-2022-31631
- Assigner
- php
- Vulnerability Status
- PUBLISHED
- Published Version
- 2025-02-12T22:10:45.418Z
- Last Modified Date
- 2025-02-12T23:02:37.689Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://bugs.php.net/bug.php?id=81740 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-31631 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2025-02-13 12:03:51 | Added to TrackCVE |