CVE-2022-31631 | Zend by Perforce

CVE-2022-31631 php: PDO::quote() may return unquoted string due to an integer overflow

Publication Date	2023-01-05
Severity	Low
Type	SQL Injection
Affected PHP Versions	7.0.0 - 7.4.33 8.0.0 - 8.0.26 8.1.0 - 8.1.13 8.2.0
Fixed Product Versions	ZendPHP 7.1 ZendPHP 7.2 ZendPHP 7.3 ZendPHP 7.4 ZendPHP 8.0 ZendPHP 8.1 ZendPHP 8.2

CVE Details

When using versions of SQLite greater than 3.39.1, the PDO::quote() functionality can be abused to return an improperly quoted string, which can lead to information disclosure, SQL injection, and other issues. This issue DOES NOT affect 32bit systems.

Recommendations

If you are using pdo_sqlite on a 64bit system, use a version of SQLite earlier than 3.39.2 if possible, or upgrade your PHP version.

< View all CVEs