It has been reported that the vulnerability exists in the pdo_mysql extension when used with the mysqlnd driver; most vendors are currently shipping patches for it.
In the following PHP code, the vulnerable code is highlighted in blue.

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>pdo_mysql: Vulnerability - Remote Code Execution</title>
<link rel="stylesheet" href="style.css">
</head>
<body>
<?php
$mysql_host = 'localhost';
$mysql_user = 'root';
$mysql_pass = 'password';

// connect to the database; the link resource is kept in $link rather than overwritten by the query result
$link = @mysql_connect($mysql_host, $mysql_user, $mysql_pass) or die(mysql_error());

// select data from the database; mysql_query() takes the query string first and the link second
$result = @mysql_query('SELECT * FROM users', $link) or die(mysql_error());

// store data in memory
$user_data = '<pre>';

// set length of the password
$password_len = strlen($mysql_pass);

// set length of the password length (strlen() of the integer's string form)
$password_len_p = strlen($password_len);

// create PHP object from memory
$pdo_object = new PDO('mysql:host=

Vulnerability – SQL Injection

The vulnerability exists because the variable '$user_data' is not properly sanitized before being inserted into the '<pre>' string. This allows malicious code to be executed on the server.

The vulnerable code

This is a vulnerability in the pdo_mysql extension. It exists when the mysqlnd driver is used and can allow remote code execution and SQL injection.
The code shown above creates an object from memory that is then used to execute a query with PDO::query(). The vulnerable portion after the object is created is highlighted in blue.

Timeline

Published on: 06/16/2022 06:15:00 UTC
Last modified on: 07/22/2022 19:15:00 UTC
