Description
The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory.
Remediation
References
Related Vulnerabilities
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4402)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-16942)
WordPress Plugin YOP Poll Cross-Site Scripting (5.7.3)
TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-0815)