Summary: A critical vulnerability, CVE-2022-31631, has been identified in PHP that could lead to SQL injection attacks. The flaw, affecting specific versions of PHP, arises from an integer overflow issue when using the PDO::quote() function with SQLite databases. Users are urged to update to the latest PHP versions to mitigate this serious security risk.
Affected: PHP versions 8.0.x before 8.0.27, 8.1.x before 8.1.15, and 8.2.x before 8.2.2
Keypoints :
- Vulnerability identified as CVE-2022-31631 with a CVSS score of 9.1.
- Integer overflow issue in PDO::quote() can lead to improperly sanitized user data.
- Exploitation of this flaw may result in SQL injection, exposing sensitive data and server control to attackers.
- Users must upgrade to PHP versions 8.0.27, 8.1.15, or 8.2.2 or later immediately.
- Reviewing code for data sanitization practices is essential even after updating PHP.