Search for vulnerabilities
Vulnerability details: VCID-tj3y-vw23-aaad
Vulnerability ID VCID-tj3y-vw23-aaad
Aliases CVE-2022-31631
Summary In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.
Status Published
Exploitability 0.5
Weighted Severity 5.3
Risk 2.6
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-190 Integer Overflow or Wraparound
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
System Score Found at
cvssv3 5.9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31631.json
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00027 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00032 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
epss 0.00056 https://api.first.org/data/v1/epss?cve=CVE-2022-31631
cvssv3.1 9.1 https://bugs.php.net/bug.php?id=81740
ssvc Track* https://bugs.php.net/bug.php?id=81740
cvssv3.1 6.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31631.json
https://api.first.org/data/v1/epss?cve=CVE-2022-31631
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0567
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0568
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0662
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://security.netapp.com/advisory/ntap-20230223-0007/
2158791 https://bugzilla.redhat.com/show_bug.cgi?id=2158791
bug.php?id=81740 https://bugs.php.net/bug.php?id=81740
CVE-2022-31631 https://nvd.nist.gov/vuln/detail/CVE-2022-31631
GLSA-202408-32 https://security.gentoo.org/glsa/202408-32
RHSA-2023:0848 https://access.redhat.com/errata/RHSA-2023:0848
RHSA-2023:0965 https://access.redhat.com/errata/RHSA-2023:0965
RHSA-2023:2417 https://access.redhat.com/errata/RHSA-2023:2417
RHSA-2023:2903 https://access.redhat.com/errata/RHSA-2023:2903
USN-5818-1 https://usn.ubuntu.com/5818-1/
USN-5905-1 https://usn.ubuntu.com/5905-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31631.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://bugs.php.net/bug.php?id=81740
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-02-13T16:06:19Z/ Found at https://bugs.php.net/bug.php?id=81740
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.04278
EPSS Score 0.00026
Published At April 13, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.