CVE-2022-31631— PDO::quote() may return unquoted string

PDO::quote() may return unquoted string

In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

输出中的特殊元素转义处理不恰当(注入)

PHP 安全漏洞

PHP是一种在服务器端执行的脚本语言。 PHP存在安全漏洞。攻击者利用该漏洞可以读取或更改数据。

N/A

N/A