{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-31631", "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "state": "PUBLISHED", "assignerShortName": "php", "dateReserved": "2022-05-25T21:03:32.861Z", "datePublished": "2025-02-12T22:10:45.418Z", "dateUpdated": "2025-02-13T16:06:41.825Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "packageName": "pdo_sqlite", "product": "PHP", "vendor": "PHP Group", "versions": [{"lessThan": "8.0.27", "status": "affected", "version": "8.0.x", "versionType": "semver"}, {"lessThan": "8.1.15", "status": "affected", "version": "8.1.x", "versionType": "semver"}, {"lessThan": "8.2.2", "status": "affected", "version": "8.2.x", "versionType": "semver"}]}], "datePublic": "2022-12-19T13:27:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.&nbsp;&nbsp;</p>"}], "value": "In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php", "dateUpdated": "2025-02-12T22:10:45.418Z"}, "references": [{"url": "https://bugs.php.net/bug.php?id=81740"}], "source": {"advisory": "https://bugs.php.net/bug.php?id=81740", "discovery": "INTERNAL"}, "title": "PDO::quote() may return unquoted string", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20230223-0007/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-02-12T23:02:37.689Z"}}, {"references": [{"url": "https://bugs.php.net/bug.php?id=81740", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-13T16:06:19.759677Z", "id": "CVE-2022-31631", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-13T16:06:41.825Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20230223-0007/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-02-12T23:02:37.689Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-31631", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-13T16:06:19.759677Z"}}}], "references": [{"url": "https://bugs.php.net/bug.php?id=81740", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-13T16:06:35.672Z"}}], "cna": {"title": "PDO::quote() may return unquoted string", "source": {"advisory": "https://bugs.php.net/bug.php?id=81740", "discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "PHP Group", "product": "PHP", "versions": [{"status": "affected", "version": "8.0.x", "lessThan": "8.0.27", "versionType": "semver"}, {"status": "affected", "version": "8.1.x", "lessThan": "8.1.15", "versionType": "semver"}, {"status": "affected", "version": "8.2.x", "lessThan": "8.2.2", "versionType": "semver"}], "packageName": "pdo_sqlite", "defaultStatus": "affected"}], "datePublic": "2022-12-19T13:27:00.000Z", "references": [{"url": "https://bugs.php.net/bug.php?id=81740"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.", "supportingMedia": [{"type": "text/html", "value": "<p>In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.&nbsp;&nbsp;</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}], "providerMetadata": {"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php", "dateUpdated": "2025-02-12T22:10:45.418Z"}}}, "cveMetadata": {"cveId": "CVE-2022-31631", "state": "PUBLISHED", "dateUpdated": "2025-02-13T16:06:41.825Z", "dateReserved": "2022-05-25T21:03:32.861Z", "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "datePublished": "2025-02-12T22:10:45.418Z", "assignerShortName": "php"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities."}, {"lang": "es", "value": "En las versiones de PHP 8.0.* anteriores a 8.0.27, 8.1.* anteriores a 8.1.15, 8.2.* anteriores a 8.2.2, cuando se usa la funci\u00f3n PDO::quote() para citar datos proporcionados por el usuario para SQLite, proporcionar una cadena demasiado larga puede provocar que el controlador cite incorrectamente los datos, lo que puede generar vulnerabilidades de inyecci\u00f3n SQL."}], "id": "CVE-2022-31631", "lastModified": "2025-02-13T16:15:35.670", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "security@php.net", "type": "Secondary"}]}, "published": "2025-02-12T22:15:29.007", "references": [{"source": "security@php.net", "url": "https://bugs.php.net/bug.php?id=81740"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230223-0007/"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://bugs.php.net/bug.php?id=81740"}], "sourceIdentifier": "security@php.net", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "security@php.net", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:0848", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "php:8.0-8070020230118114629.ef331662", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-02-21T00:00:00Z"}, {"advisory": "RHSA-2023:2903", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "php:7.4-8080020230118140634.cc342424", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}, {"advisory": "RHSA-2023:0965", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "php-0:8.0.27-1.el9_1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-02-28T00:00:00Z"}, {"advisory": "RHSA-2023:2417", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "php:8.1-9020020230120141750.9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}], "bugzilla": {"description": "php: PDO:: quote() may return unquoted string due to an integer overflow", "id": "2158791", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2158791"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-190", "details": ["In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.", "A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote() of PDO_SQLite returning an improperly quoted string. With the implementation of sqlite3_snprintf(), it is possible to force the function to return a single apostrophe if the function is called on user-supplied input without any length restrictions in place."], "name": "CVE-2022-31631", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "php", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "php", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-php73-php", "product_name": "Red Hat Software Collections"}], "public_date": "2023-01-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-31631\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-31631\nhttps://bugs.php.net/bug.php?id=81740"], "threat_severity": "Moderate"}