Severity Level: Critical
Title:
Critical Vulnerability in PHP
Summary:
• CVE-2022-31631
• CVSS Base Score: 9.1 Critical
• A critical vulnerability in PHP can expose websites and applications to SQL injection attacks.
• The flaw resides in the PDO::quote() function when used with SQLite databases, an essential
function for escaping user-supplied data before executing database queries. This vulnerability
arises from an integer overflow issue that can lead to improper string sanitization, allowing
attackers to inject malicious SQL code.
• Successful exploitation could allow attackers to:
o Inject malicious code
o Gain control of the database
o Steal sensitive data
o Modify database content
o Gain potential control over the affected system
Affected Versions:
• PHP versions 8.0.x before 8.0.27
• PHP versions 8.1.x before 8.1.15
• PHP versions 8.2.x before 8.2.2
Fixed Versions:
• PHP versions 8.0.27, 8.1.15, or 8.2.2 (or later)
Recommendations:
We recommend updating affected installations to the fixed versions listed above, or to the latest versions released by PHP.
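The following PHP script is an added example and is not part of this advisory or of the PHP project's own code. It checks a running interpreter's version against the affected ranges listed above, and shows the pattern the flaw affects (escaping with PDO::quote() and splicing the result into the SQL text) beside the form that removes the dependency on PDO::quote() entirely, a prepared statement with a bound parameter. The helper names, the users table and the sample rows are constructed for the demonstration.

```php
<?php
// Added example, not part of the advisory: version check for CVE-2022-31631
// and the prepared-statement mitigation for the PDO::quote() + SQLite pattern.

/** Affected branches and their first fixed release, as listed in the advisory. */
const PHP_FIXED_VERSIONS = [
    '8.0' => '8.0.27',
    '8.1' => '8.1.15',
    '8.2' => '8.2.2',
];

/**
 * True when $version is an 8.0.x / 8.1.x / 8.2.x release older than the
 * fixed release for its branch. Other branches are outside the advisory's scope.
 */
function phpVersionIsAffected(string $version): bool
{
    $branch = implode('.', array_slice(explode('.', $version), 0, 2));
    if (!isset(PHP_FIXED_VERSIONS[$branch])) {
        return false;
    }
    return version_compare($version, PHP_FIXED_VERSIONS[$branch], '<');
}

/**
 * Affected pattern: the value is escaped with PDO::quote() and concatenated
 * into the SQL string. On an affected build with the SQLite driver the
 * advisory states that this escaping can be performed incorrectly.
 */
function findUserByNameQuoted(PDO $pdo, string $name): array
{
    $sql = 'SELECT id, name FROM users WHERE name = ' . $pdo->quote($name);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

/**
 * Hardened form: a prepared statement with a bound parameter. The value is
 * never spliced into the SQL text, so PDO::quote() is not involved at all.
 */
function findUserByNamePrepared(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// --- self-contained demonstration on an in-memory SQLite database (constructed data) ---
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

$seed = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
foreach (['alice', "O'Brien", 'bob'] as $seedName) {
    $seed->execute([':name' => $seedName]);
}

printf(
    "Running PHP %s: %s\n",
    PHP_VERSION,
    phpVersionIsAffected(PHP_VERSION)
        ? 'in an affected range for CVE-2022-31631, update to a fixed release'
        : 'not in an affected range'
);

// A lookup value containing a quote character must be handled as data by
// both helpers; compare the row sets they return.
$lookup = "O'Brien";
print_r(findUserByNameQuoted($pdo, $lookup));
print_r(findUserByNamePrepared($pdo, $lookup));
```

Run it with a PHP build that includes the pdo_sqlite extension. Both helpers are expected to return the same single row for the name containing an apostrophe; the point of the second helper is that its correctness does not rest on the escaping routine the advisory describes, which is why moving string-concatenated queries to bound parameters is worthwhile even after upgrading to a fixed version.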