V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Back to catalog
CVE-2022-31631
ANC
Medium

In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data f…

CVSS
5.9
Medium
EPSS
0.02
p79
Published
2022-01-01
Updated
2022-01-01
Description

In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.

Tags · CWE
Pre-auth
CWE-190
CWE-74
CAPEC-3
CAPEC-6
CAPEC-7
CAPEC-8
CAPEC-9
CAPEC-10
CAPEC-13
CAPEC-14
CAPEC-24
CAPEC-28
CAPEC-34
CAPEC-42
CAPEC-43
CAPEC-45
CAPEC-46
CAPEC-47
CAPEC-51
CAPEC-52
CAPEC-53
CAPEC-64
CAPEC-67
CAPEC-71
CAPEC-72
CAPEC-76
CAPEC-78
CAPEC-79
CAPEC-80
CAPEC-83
CAPEC-84
CAPEC-92
CAPEC-101
CAPEC-105
CAPEC-108
CAPEC-120
CAPEC-135
CAPEC-250
CAPEC-267
CAPEC-273
Affected products
PhpPhpPhpPhpPhp5Php7.0Php7.2Php7.3Php7.3Php7.3Php7.4Php7.4Php8.0Php8.0-develPhp8.0-libsPhp8.0-mysqlndPhp8.1Php8.1Php8.1
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Timeline
2022-01-01
Published
2022-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: H
High (H)
Availability Impact
A: N
None (N)
Exploit indicators
EPSS
0.022 · p79
Known exploited (KEV)
No
MITRE ATT&CK
Inferred via CAPEC
└ via CAPEC-267 · CWE-74
└ via CAPEC-13 · CWE-74
└ via CAPEC-13 · CWE-74
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Debian
Php7.3Php7.4Php8.2Php8.1
Canonical
Php5Php7.0Php7.2Php7.4Php8.1
Red Hat
PhpPhp8.0Php8.0-develPhp8.0-libsPhp8.0-mysqlndRpm-build-php8.0-version
Группа Астра (РусБИТех)
Php7.3Php8.1
Php
Php
Sqlite
Sqlite
ProductVendorStatus
Tracked
phpTracked
phpTracked
phpTracked
phpTracked
php5Tracked
php7.0Tracked
php7.2Tracked
php7.3Tracked
php7.3Tracked
php7.3Tracked
php7.4Tracked
php7.4Tracked
php8.0Tracked
php8.0-develTracked
php8.0-libsTracked
php8.0-mysqlndTracked
php8.1Tracked
php8.1Tracked
php8.1Tracked
Showing first 20 of 26
Source databases
ANC
AST
DEB
CVE
RED
UBU
Related vulnerabilities
BDU:2024-07320