CVE-2022-31629


$_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.



We have discovered 901,330 live websites that are affected by CVE-2022-31629.





Affected Software

Product  PHP
Category Programming Languages
Vulnerable Versions
  • from 7.4 before 7.4.31
  • from 8 before 8.0.24
  • from 8.1 before 8.1.11
Total Vulnerable Versions  516
Vulnerable Domains  901,330 live websites (8.62% of PHP install base)


Common Weakness Enumeration


CWE-20 Improper Input Validation



Details

  • Published - Sep 28, 2022
  • Updated - May 2, 2024

Credits

  • reported by squarcina at gmail dot com





Countries

United States  407,383 websites
France  195,149 websites
Russia  40,064 websites
Japan  35,956 websites
Germany  34,025 websites
Netherlands  15,050 websites
Argentina  14,513 websites
Brazil  12,254 websites
China  10,546 websites
GB  10,315 websites

TLDs

.com  441,871 websites
.fr  77,941 websites
.org  52,554 websites
.ru  35,568 websites
.net  29,056 websites
.de  17,676 websites
.nl  13,245 websites
.pl  12,836 websites
.com.br  12,231 websites
.it  11,772 websites
