CVE-2022-31631 Information

Description

In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2, when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.
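
A defensive example for the issue described above, added here and not taken from the PHP project or the referenced advisories: it checks a version string against the affected ranges in the description, caps input length before calling PDO::quote(), and shows the bound-parameter form that avoids quoting altogether. The `users` table, the function names and the `MAX_QUOTED_BYTES` limit are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Fixed release per branch, taken from the description above.
const FIXED_IN = ['8.0' => '8.0.27', '8.1' => '8.1.15', '8.2' => '8.2.2'];
// Assumed application limit on quoted input; not a value from the advisory.
const MAX_QUOTED_BYTES = 1 << 20;

/** True when $version is in a listed branch and older than that branch's fixed release. */
function isAffected(string $version): bool
{
    if (!preg_match('/^((\d+\.\d+)\.\d+)/', $version, $m) || !isset(FIXED_IN[$m[2]])) {
        return false; // branch not listed in the description
    }
    return version_compare($m[1], FIXED_IN[$m[2]], '<');
}

/** For code that cannot move off PDO::quote() yet: reject oversized input first. */
function quoteChecked(PDO $db, string $value): string
{
    if (strlen($value) > MAX_QUOTED_BYTES) {
        throw new LengthException('input exceeds MAX_QUOTED_BYTES, refusing to quote');
    }
    $quoted = $db->quote($value);
    if ($quoted === false) {
        throw new RuntimeException('driver could not quote the value');
    }
    return $quoted;
}

/** Preferred form: the value is bound as a parameter and never spliced into SQL text. */
function findUser(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice')");

printf("PHP %s affected: %s\n", PHP_VERSION, isAffected(PHP_VERSION) ? 'yes' : 'no');
// With a bound parameter, a quote character in the input is compared as data.
var_dump(findUser($db, "alice' OR '1'='1"));
var_dump(findUser($db, 'alice'));
```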

Reference

https://bugs.php.net/bug.php?id=81740
https://security.netapp.com/advisory/ntap-20230223-0007/
