CVE-2022-31626
mysqlnd/pdo password buffer overflow
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when the pdo_mysql extension is used with the mysqlnd driver and a third party is allowed to supply the host to connect to and the password for the connection, a password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.
We have discovered 945,201 live websites that are affected by CVE-2022-31626.
Affected Software
| | |
|---|---|
| Product | PHP |
| Category | Programming Languages |
| Vulnerable Versions | from 7.4 before 7.4.30; from 8 before 8.0.20; from 8.1 before 8.1.7 |
| Total Vulnerable Versions | 507 |
| Vulnerable Domains | 945,201 live websites (7.81% of PHP install base) |
Common Weakness Enumeration
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2022-31626 and the relative popularity of websites