← volver
CVE-2022-31631

PDO::quote() may return unquoted string

CVSS 9.1 CRITICALEPSS 2.2%CWE-74
In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Productos afectados
PHP Group · PHP

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://bugs.php.net/bug.php?id=81740https://security.netapp.com/advisory/ntap-20230223-0007/