CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-31631 – PDO::quote() may return unquoted string
https://notcve.org/view.php?id=CVE-2022-31631
11 Jan 2023 — In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities. A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote() of PDO_SQLite returning an improperly quoted string. With the implementation of sqlite3_snprintf(), it is possible to force th... • https://bugs.php.net/bug.php?id=81740 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-190: Integer Overflow or Wraparound •
CVSS: 9.3EPSS: 4%CPEs: 85EXPL: 0CVE-2006-3017 – Debian Linux Security Advisory 1206-1
https://notcve.org/view.php?id=CVE-2006-3017
14 Jun 2006 — zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the variable's value to be used in security-relevant operations. Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. • ftp://patches.sgi.com/support/free/security/advisories/20060701-01-U •