CVE-2022-31631
PDO::quote() may return unquoted stringIn PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.
We have discovered 127,062 live websites that are affected by CVE-2022-31631.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Domains | 127,062 live websites (1.74% of PHP install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 43 versions ( 8.33% of all versions) |
Common Weakness Enumeration
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')Details
- Published - Feb 12, 2025
- Updated - Feb 13, 2025
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2022-31631 United States | 29,070 websites |
 France | 61,426 websites |
 Russia | 4,470 websites |
 Poland | 3,443 websites |
 Germany | 3,398 websites |
 Netherlands | 2,643 websites |
 Spain | 2,512 websites |
 Brazil | 2,271 websites |
 Italy | 1,970 websites |
 GB | 1,424 websites |
Website Distribution by TLD
Number of websites using CVE-2022-31631| .com | 46,862 websites |
| .fr | 25,778 websites |
| .org | 5,809 websites |
| .ru | 4,459 websites |
| .net | 3,812 websites |
| .pl | 3,253 websites |
| .it | 3,194 websites |
| .be | 3,107 websites |
| .de | 2,568 websites |
| .nl | 2,452 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2022-31631
Top websites that are affected by CVE-2022-31631. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **********.edu | United States | *,*** | |
| ***************.com |  Singapore | *,*** | |
| ***********.com | United States | *,*** | |
| ******************.com | Singapore | **,*** | |
| ****.org | United States | **,*** | |
| **********.com |  India | **,*** | |
| ***.org | United States | **,*** | |
| *****.sh | Netherlands | **,*** | |
| ***.cc |  Cocos(Keeling) Island | **,*** | |
| *****.de | Germany | **,*** |
FAQ
CVE-2022-31631 is Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in PHP
A total of 127,062 websites have been identified as vulnerable to CVE-2022-31631, based on global website indexing conducted by WebTechSurvey.
The PHP is affected by the CVE-2022-31631 vulnerability.
PHP versions up to 8.2.2 are vulnerable to CVE-2022-31631.
CVE-2022-31631 is resolved in version 8.2.2 of PHP.