{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-31631","assignerOrgId":"dd77f84a-d19a-4638-8c3d-a322d820ed2b","state":"PUBLISHED","assignerShortName":"php","dateReserved":"2022-05-25T21:03:32.861Z","datePublished":"2025-02-12T22:10:45.418Z","dateUpdated":"2025-02-13T16:06:41.825Z"},"containers":{"cna":{"affected":[{"defaultStatus":"affected","packageName":"pdo_sqlite","product":"PHP","vendor":"PHP Group","versions":[{"lessThan":"8.0.27","status":"affected","version":"8.0.x","versionType":"semver"},{"lessThan":"8.1.15","status":"affected","version":"8.1.x","versionType":"semver"},{"lessThan":"8.2.2","status":"affected","version":"8.2.x","versionType":"semver"}]}],"datePublic":"2022-12-19T13:27:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.&nbsp;&nbsp;</p>"}],"value":"In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":9.1,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-74","description":"CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"dd77f84a-d19a-4638-8c3d-a322d820ed2b","shortName":"php","dateUpdated":"2025-02-12T22:10:45.418Z"},"references":[{"url":"https://bugs.php.net/bug.php?id=81740"}],"source":{"advisory":"https://bugs.php.net/bug.php?id=81740","discovery":"INTERNAL"},"title":"PDO::quote() may return unquoted string","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://security.netapp.com/advisory/ntap-20230223-0007/"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-02-12T23:02:37.689Z"}},{"references":[{"url":"https://bugs.php.net/bug.php?id=81740","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-02-13T16:06:19.759677Z","id":"CVE-2022-31631","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-13T16:06:41.825Z"}}]}}