1. Summary

Vulnerability Name PHP Remote Code Execution Vulnerability (CVE-2022-31626)
Release Time June 10, 2022
Component Name PHP
Affected Versions 8.1.0 ≤ PHP < 8.1.7
8.0.0 ≤ PHP < 8.0.20
7.0.0 ≤ PHP < 7.4.30
Vulnerability Type Remote Code Execution
Exploitability Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low 
User Interaction: None 
Impact Severity: CVSS v3 Base Score: 8.8 (High)
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High

2. About CVE-2022-31626

2.1 Introduction

PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely used open-source general-purpose scripting language for web development and can be embedded into HTML.

2.2 Summary

On June 10, 2022, Sangfor FarSight Labs received a notice about a PHP remote code execution vulnerability (CVE-2022-31626), which is classified as high severity with a CVSS score of 8.8.

A buffer overflow vulnerability was found in PHP when processing passwords in mysqlnd/pdo in mysqlnd_wireprotocol.c. When using the pdo_mysql extension with mysqlnd driver, if a third party is allowed to connect to the host and supplies a MySQL database server password in the mysqlnd driver, a password of excessive length can trigger a buffer overflow in PHP. This flaw allows a remote attacker to pass a password (with an excessive length) via PDO to the MySQL server, triggering arbitrary code execution on the target system.

3. Affected Versions

8.1.0 ≤ PHP < 8.1.7
8.0.0 ≤ PHP < 8.0.20
7.0.0 ≤ PHP < 7.4.30

4. Solutions

4.1 Remediation Solutions

4.1.1 Check the Component Version

Option 1. Check PHP Command

Enter the following command in the PHP installation path (this operation can be performed in any directory of PHP configured with environment variables)
php -v or php --version

 CVE-2022-31626 Solutions: Option 1. Check PHP Command

Option 2. Check phpinfo Page

Create a phpinfo.php file in the root directory of the website with the following content:
<?php phpinfo(); ?>
Visit this page after creation to view the current version.

 CVE-2022-31626 Solutions: Option 2. Check phpinfo Page

4.1.2 PHP Solution

Users can update their affected products to the latest version to fix the vulnerability.

4.2 Sangfor Solutions

4.2.1 Active Detection

    The following Sangfor products and services actively detect assets affected by the PHP Remote Code Execution Vulnerability (CVE-2022-31626):
Sangfor Cyber Guardian (Managed Detection and Response)

4.2.2 Security Monitoring

The following Sangfor products and services perform real-time monitoring of assets affected by the PHP Remote Code Execution Vulnerability (CVE-2022-31626):

5. Timeline

On June 10, 2022, Sangfor FarSight Labs received a notice about the PHP Remote Code Execution Vulnerability (CVE-2022-31626).
On June 10, 2022, Sangfor FarSight Labs released a vulnerability alert with remediation solutions.

6. Reference

https://bugs.php.net/bug.php?id=81719

7. Learn More

Sangfor FarSight Labs researches the latest cyberthreats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyberthreats, providing fast and easy protection for customers.

Listen To This Post

Search

Get in Touch

Get in Touch with Sangfor Team for Business Inquiry

Name
Email Address
Business Phone Number
Tell us about your project requirements

Related Articles

CVE-2024-47575: Fortinet FortiManager Authentication Vulnerability

Date : 25 Oct 2024
Read Now

CVE-2024-38819: Path Traversal Vulnerability

Date : 19 Oct 2024
Read Now

CVE-2024-40766: SonicWALL SonicOS Access Control Flaw Vulnerability

Date : 12 Sep 2024
Read Now

See Other Product

Cyber Command - NDR Platform
Endpoint Secure
Internet Access Gateway (IAG)
Sangfor Network Secure - Next Generation Firewall
Platform-X
Sangfor Access Secure