CVE-2022-31631
CVE-2022-31631 php: PDO::quote() may return unquoted string due to an integer overflow
Publication Date | 2023-01-05 |
---|---|
Severity | Low |
Type | SQL Injection |
Affected PHP Versions |
|
Fixed Product Versions |
|
CVE Details
When using versions of SQLite greater than 3.39.1, the PDO::quote()
functionality can be abused to return an improperly quoted string, which can lead to information disclosure, SQL injection, and other issues. This issue DOES NOT affect 32bit systems.
Recommendations
If you are using pdo_sqlite on a 64bit system, use a version of SQLite earlier than 3.39.2 if possible, or upgrade your PHP version.