CVE-2022-31631

Severity CVSS v4.0:
Pending analysis
Type:
CWE-74 Injection
Publication date:
12/02/2025
Last modified:
02/07/2025

Description

In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* 8.0.0 (including) 8.0.27 (excluding)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* 8.1.0 (including) 8.1.15 (excluding)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* 8.2.0 (including) 8.2.2 (excluding)
cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* 3.39.2 (including)