Innovate faster and cut risk with PHP experts from Zend Services.
Learn PHP from PHP experts with free, on-demand, and instructor led courses.
Submit support requests and browse self-service resources.
CVE-2022-31631 php: PDO::quote() may return unquoted string due to an integer overflow
When using versions of SQLite greater than 3.39.1, the PDO::quote() functionality can be abused to return an improperly quoted string, which can lead to information disclosure, SQL injection, and other issues. This issue DOES NOT affect 32bit systems.
If you are using pdo_sqlite on a 64bit system, use a version of SQLite earlier than 3.39.2 if possible, or upgrade your PHP version.
Direct link to CVE-2022-31631 >
< View all CVEs