2025-02-22 14:11:58 Pacfic
Urgent Patch Required: High-Risk PHP Vulnerability CVE-2022-31631 - 3d
A critical security vulnerability, CVE-2022-31631, has been identified in PHP that could expose websites and applications to SQL injection attacks. The vulnerability resides in the PDO::quote() function when used with SQLite databases. This flaw stems from an integer overflow issue, potentially leading to improper string sanitization. Successful exploitation could allow attackers to inject malicious code, gain control of the database, steal sensitive data, or modify database content.
Users of PHP are urged to update to patched versions immediately. The vulnerability affects PHP versions 8.0.x before 8.0.27, 8.1.x before 8.1.15, and 8.2.x before 8.2.2. Fixed versions include PHP versions 8.0.27, 8.1.15, or 8.2.2 (or later). NetApp has issued an advisory, NTAP-20230223-0007, acknowledging the vulnerability in multiple NetApp products, stating successful exploitation could lead to Denial of Service (DoS).
ImgSrc: cyble.com
References:
- cyble.com - CVE-2022-31631: High-Risk PHP Vulnerability Demands Immediate Patch - 3d
- security.netapp.com - Security Advisory for CVE-2022-31631 - 3d
- Cyble Podcast | Cybersecurity & Threat Intelligence Insights - CVE-2022-31631: High-Risk PHP Vulnerability Demands Immediate Patch - 3d
Classification:
- HashTags: PHP SQLInjection Vulnerability
- Company: Cyble, PHP Group, NetApp
- Target: PHP Applications
- Product: PHP
- Feature: String Sanitization
- Type: Vulnerability
- Severity: Critical