Описание
In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| esm-infra-legacy/trusty | needed | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | ignored | end of ESM support, was needed |
| upstream | needs-triage | |
| xenial | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| esm-infra/focal | DNE | |
| esm-infra/xenial | released | 7.0.33-0ubuntu0.16.04.16+esm5 |
| focal | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| trusty | DNE | |
| upstream | needs-triage | |
| xenial | ignored | end of standard support |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 7.2.24-0ubuntu0.18.04.16 |
| esm-infra/bionic | not-affected | 7.2.24-0ubuntu0.18.04.16 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| trusty | DNE | |
| upstream | needs-triage | |
| xenial | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| esm-infra/focal | not-affected | 7.4.3-4ubuntu2.17 |
| focal | released | 7.4.3-4ubuntu2.17 |
| jammy | DNE | |
| kinetic | DNE | |
| trusty | DNE | |
| upstream | needs-triage | |
| xenial | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | released | 8.1.2-1ubuntu2.10 |
| kinetic | released | 8.1.7-1ubuntu3.2 |
| lunar | released | 8.1.12-1ubuntu3 |
| mantic | DNE | |
| noble | DNE | |
| oracular | DNE |
Показывать по
Ссылки на источники
9.1 Critical
CVSS3
Связанные уязвимости
In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.
In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.
In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before ...
9.1 Critical
CVSS3