CVE-2022-31626

Published: 16/06/2022 Updated: 27/06/2022
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Summary

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when the pdo_mysql extension is used with the mysqlnd driver and a third party is allowed to supply the host to connect to and the password for the connection, a password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.

Vulnerable Product

php php

Vendor Advisories

Several security issues were fixed in PHP ...
Severity Unknown Remote Unknown Type Unknown Description AVG-2767 php7 7429-1 7430-1 Unknown Vulnerable AVG-2768 php 816-2 817-1 Unknown Fixed ...

Github Repositories

Advisory of Exploits AI POP Builder Collection of PHP binary bugs advisory

Unfixed GMP Type confusion in unserialize
Idea: bypass delayed __wakeup and exploit unfixed GMP type confusion bug in PHP <= 5640
POC source: GMP_type_conf_POCphp Advisory

CVE-2022-31626 analysis
Idea: heap buffer overflow in mysqlnd, PHP <= 7429
POC source: /cve_2022_31626_remote_exp