Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
PHP Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2022-31631 - Vulnerability Database
PHP

PHP Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2022-31631

Critical
Reference: CVE-2022-31631
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-31631
Title: PHP Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Overview:

In PHP versions 8.0. before 8.0.27 8.1. before 8.1.15 8.2. before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite supplying an overly long string may cause the driver to incorrectly quote the data which may further lead to SQL injection vulnerabilities.