Description

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.

Remediation

References

CVE-2022-31625

Related Vulnerabilities

Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-28783)

WordPress Plugin Limit Attempts by BestWebSoft Multiple Vulnerabilities (1.0.3)

Joomla! Core 2.5.x Cross-Site Scripting (2.5.0 - 2.5.6)

Internet Information Services Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-0075)

SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-0931)

Severity

High

Classification

CVE-2022-31625 CWE-763 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities