Description
The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2009-1964 Vulnerability (CVE-2009-1964)
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-16943)
MySQL CVE-2012-3163 Vulnerability (CVE-2012-3163)
Claroline Other Vulnerability (CVE-2006-3257)
Oracle Database Server CVE-2007-5520 Vulnerability (CVE-2007-5520)