Lucene search
+L

274 matches found

nvd
nvd
added 2025/02/12 10:15 p.m.7 views

CVE-2022-31631

In PHP versions 8.0. before 8.0.27, 8.1. before 8.1.15, 8.2. before 8.2.2 when using PDO::quote function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities...

9.1CVSS0.02134EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/02/12 10:10 p.m.9 views

CVE-2022-31631 PDO::quote() may return unquoted string

In PHP versions 8.0. before 8.0.27, 8.1. before 8.1.15, 8.2. before 8.2.2 when using PDO::quote function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities...

9.1CVSS7.9AI score0.02134EPSS
Exploits0References1
osv
osv
added 2025/02/12 10:10 p.m.17 views

CVE-2022-31631 PDO::quote() may return unquoted string

In PHP versions 8.0. before 8.0.27, 8.1. before 8.1.15, 8.2. before 8.2.2 when using PDO::quote function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities...

9.1CVSS6.9AI score0.02134EPSS
Exploits0References4
nvd
nvd
added 2025/01/29 4:15 p.m.15 views

CVE-2025-24792

Snowflake PHP PDO Driver is a driver that uses the PHP Data Objects PDO extension to connect to the Snowflake database. Snowflake discovered and remediated a vulnerability in the Snowflake PHP PDO Driver where executing unsupported queries like PUT or GET on stages causes a signed-to-unsigned...

4.4CVSS0.00126EPSS
Exploits0References1
cve
cve
added 2025/01/29 3:27 p.m.64 views

CVE-2025-24792

CVE-2025-24792 concerns the Snowflake PHP PDO Driver: executing unsupported queries (e.g., PUT/GET on stages) triggers a signed-to-unsigned conversion error that crashes the application. Affected versions are 0.2.0–3.0.3; the issue is fixed in 3.1.0. Remediation is to upgrade to 3.1.0 or later. I...

4.4CVSS7AI score0.00126EPSS
Exploits0References1
osv
osv
added 2025/01/29 3:27 p.m.9 views

CVE-2025-24792 Snowflake PHP PDO Driver has a Signed-to-Unsigned Conversion Error

Snowflake PHP PDO Driver is a driver that uses the PHP Data Objects PDO extension to connect to the Snowflake database. Snowflake discovered and remediated a vulnerability in the Snowflake PHP PDO Driver where executing unsupported queries like PUT or GET on stages causes a signed-to-unsigned...

4.4CVSS6.9AI score0.00126EPSS
Exploits0References3
cvelist
cvelist
added 2025/01/29 3:27 p.m.20 views

CVE-2025-24792 Snowflake PHP PDO Driver has a Signed-to-Unsigned Conversion Error

Snowflake PHP PDO Driver is a driver that uses the PHP Data Objects PDO extension to connect to the Snowflake database. Snowflake discovered and remediated a vulnerability in the Snowflake PHP PDO Driver where executing unsupported queries like PUT or GET on stages causes a signed-to-unsigned...

4.4CVSS0.00126EPSS
Exploits0References1
osv
osv
added 2025/01/14 7:21 p.m.14 views

BIT-PHP-MIN-2022-31626 mysqlnd/pdo password buffer overflow

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdomysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can...

8.8CVSS9.4AI score0.5838EPSS
Exploits2References8
slackware
slackware
added 2024/11/22 10:41 p.m.34 views

[slackware-security] php

New php packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/php81/php81-8.1.31-i586-1slack15.0.txz: Upgraded. This update fixes bugs and security issues: LDAP: Fixed bug GHSA-g665-fm4p-vhff OOB access in...

9.8CVSS7.8AI score0.02286EPSS
Exploits4
packetstorm
packetstorm
added 2024/08/09 12:0 a.m.282 views

E-Commerce Site Using PHP PDO 1.0 Cross Site Scripting

============================================================================================================================================= | Title : E-Commerce Site using PHP PDO v1.0 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 ...

7.4AI score
Exploits0
packetstorm
packetstorm
added 2024/08/08 12:0 a.m.312 views

E-Commerce Site Using PHP PDO 1.0 Insecure Settings

============================================================================================================================================= | Title : E-Commerce Site using PHP PDO v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

7.4AI score
Exploits0
packetstorm
packetstorm
added 2024/08/07 12:0 a.m.277 views

E-Commerce Site Using PHP PDO 1.0 Directory Traversal

============================================================================================================================================= | Title : E-Commerce Site using PHP PDO v1.0 Directory traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

7.4AI score
Exploits0
redos
redos
added 2024/07/03 12:0 a.m.16 views

ROS-20240702-05

A vulnerability in the qstr method in the adodb library PDO driver is associated with the ability for remote attackers to to conduct SQL injection attacks using vectors associated with misquoted vectors. Exploitation of the vulnerability could allow an attacker acting remotely to conduct an attac...

9.8CVSS7.8AI score0.02984EPSS
Exploits0
openvas
openvas
added 2024/06/19 12:0 a.m.18 views

openSUSE Security Advisory (SUSE-SU-2024:2039-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS6.8AI score0.12117EPSS
Exploits1References4
osv
osv
added 2024/06/07 10:25 p.m.28 views

GHSA-V42G-7Q2X-CW32 Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite)

The PDO adapters of Zend Framework 1 do not filter null bytes values in SQL statements. A PDO adapter can treat null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection. We tested and verified the null byte...

9.8CVSS8AI score
Exploits0References3
github
github
added 2024/06/07 10:25 p.m.17 views

Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite)

The PDO adapters of Zend Framework 1 do not filter null bytes values in SQL statements. A PDO adapter can treat null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection. We tested and verified the null byte...

8AI score
Exploits0References3Affected Software1
susecve
susecve
added 2024/05/03 2:9 a.m.6 views

SUSE CVE-2024-26995

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Correct the PDO counting in pdset Off-by-one errors happen because nrsnkpdo and nrsrcpdo are incorrectly added one. The index of the loop is equal to the number of PDOs to be updated when leaving the loop and it...

5.5CVSS6.8AI score0.00236EPSS
Exploits0References13
osv
osv
added 2024/05/01 6:15 a.m.3 views

DEBIAN-CVE-2024-26995

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Correct the PDO counting in pdset Off-by-one errors happen because nrsnkpdo and nrsrcpdo are incorrectly added one. The index of the loop is equal to the number of PDOs to be updated when leaving the loop and it...

7.8CVSS6AI score0.00236EPSS
Exploits0References1
cve
cve
added 2024/05/01 5:28 a.m.3649 views

CVE-2024-26995

The CVE-2024-26995 issue affects the Linux kernel USB Type-C controller (tcpdm) code path, specifically pd_set handling in usb: typec: tcpm. The root cause is an off-by-one error where nr_snk_pdo and nr_src_pdo are incremented one time too many, causing loop index misalignment during Power Negoti...

7.8CVSS6.6AI score0.00236EPSS
Exploits0References5Affected Software1
osv
osv
added 2024/05/01 5:28 a.m.15 views

CVE-2024-26995 usb: typec: tcpm: Correct the PDO counting in pd_set

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Correct the PDO counting in pdset Off-by-one errors happen because nrsnkpdo and nrsrcpdo are incorrectly added one. The index of the loop is equal to the number of PDOs to be updated when leaving the loop and it...

7.8CVSS6.2AI score0.00236EPSS
Exploits0References8
Rows per page
Query Builder