In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, and 8.2.* before 8.2.2, when using the PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.
                
History
Sat, 12 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | epss | epss |
Wed, 02 Jul 2025 22:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Php Php php Sqlite Sqlite sqlite | |
| CPEs | cpe:2.3:a:php:php:*:*:*:*:*:*:*:* cpe:2.3:a:sqlite:sqlite:*:*:*:*:*:*:*:* | |
| Vendors & Products | Php Php php Sqlite Sqlite sqlite | |
Thu, 13 Feb 2025 16:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc | |
Wed, 12 Feb 2025 23:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| References | | |
Wed, 12 Feb 2025 22:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote() of PDO_SQLite returning an improperly quoted string. With the implementation of sqlite3_snprintf(), it is possible to force the function to return a single apostrophe if the function is called on user-supplied input without any length restrictions in place. | In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities. | 
| Title | php: PDO:: quote() may return unquoted string due to an integer overflow | PDO::quote() may return unquoted string | 
| Weaknesses | CWE-74 | |
| Metrics | cvssV3_1 | cvssV3_1 |
MITRE
Status: PUBLISHED
Assigner: php
Published: 2025-02-12T22:10:45.418Z
Updated: 2025-02-13T16:06:41.825Z
Reserved: 2022-05-25T21:03:32.861Z
Link: CVE-2022-31631
Vulnrichment
Updated: 2025-02-12T23:02:37.689Z
NVD
Status: Analyzed
Published: 2025-02-12T22:15:29.007
Modified: 2025-07-02T21:35:56.150
Link: CVE-2022-31631
Redhat