VDB
DEBIAN-CVE-2022-31631
DEBIAN-CVE-2022-31631
PUBLISHED
CVSS 9.100000381469727 CRITICAL
In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.
Risk Scores
CVSS v3.1
9.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | php7.4 | 7.4.30-1+deb11u1, 7.4.25-1+deb11u1, 7.4.26-1 |
| Debian:12 | php8.2 | 0, 0, 0 |
Timeline
- Feb 12, 2025 CVE Published
- Apr 28, 2026 CVE Updated