Source: Cyble
Identifier: 8648866
Publication date: 2025-02-18 13:09:49 (viewed: 2025-02-18 14:08:38)
Title: CVE-2022-31631: High-Risk PHP Vulnerability Demands Immediate Patch
Text:
Overview
A critical security vulnerability has been identified in PHP, one of the most widely used server-side scripting languages for web development.
The vulnerability, tracked as CVE-2022-31631, affects multiple versions of PHP and poses a significant risk to websites and applications relying on the PHP Data Objects (PDO) extension for SQLite database interactions. The flaw, which stems from an integer overflow issue in the PDO::quote() function, has the potential to allow SQL injection attacks, leading to unauthorized access, data breaches, and system compromise.
Key Details
CVE ID: CVE-2022-31631
CVSS Base Score: 9.1 (Critical)
Affected Component: PDO::quote() function when used with SQLite databases
Impact: SQL injection vulnerability due to improper string sanitization
Published Date: February 12, 2025
Last Modified: February 13, 2025
Source: PHP Group
Severity Level: Critical
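As an added illustration (not code from the Cyble advisory or from the PHP project), the two PDO access patterns at issue: hand-escaping a value with PDO::quote() and interpolating the result into the SQL text, versus checking the input length and binding the value as a parameter so it never becomes part of the query string. The in-memory SQLite database, the users table and the 4096-character limit are assumptions made for the demonstration.

```php
<?php
// Added illustration for the PDO::quote()/SQLite issue described above.
// Assumes an in-memory SQLite database, a small users table, and an
// application-chosen input limit (MAX_INPUT_LEN is not a PHP constant).
declare(strict_types=1);

const MAX_INPUT_LEN = 4096; // assumed application limit

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('O''Brien')");

// Pattern the advisory concerns: escape by hand with PDO::quote() and
// splice the escaped text into the statement. Correctness then depends
// entirely on quote() handling every input, including very large ones.
function findUserQuoted(PDO $pdo, string $name): array
{
    $sql = 'SELECT id, name FROM users WHERE name = ' . $pdo->quote($name);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Recommended pattern: reject oversized input up front, then pass the
// value as a bound parameter. The driver sends it separately from the
// SQL text, so no escaping step is involved at all.
function findUserBound(PDO $pdo, string $name): array
{
    if (strlen($name) > MAX_INPUT_LEN) {
        throw new InvalidArgumentException('input exceeds allowed length');
    }
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// A value containing a quote character is matched literally, not parsed.
var_dump(findUserBound($pdo, "O'Brien"));

// Oversized input is refused before any SQL is built.
try {
    findUserBound($pdo, str_repeat('a', MAX_INPUT_LEN + 1));
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Requires the pdo_sqlite extension; the quoted variant is kept only to show the code path that needs the fixed PHP build, the bound variant is the form to keep after patching.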
Affected PHP Versions
The vulnerability affects the following versions of PHP:
Notes: ★★★
Sent: Yes
Tags: Vulnerability