CVE-2022-31626: With the pdo_mysql extension and the mysqlnd driver, if a third party is allowed to connect to the host and the password is of excessive length, it can't be decrypted by the server.

It has been reported that the vulnerability exists in the pdo_mysql extension with the mysqlnd driver, which is currently being patched by most vendors.
In the following PHP code, the vulnerable code is highlighted in blue.

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>pdo_mysql: Vulnerability - Remote Code Execution</title>
<link rel="stylesheet" href="style.css">
</head>
<body>
<?php
$mysql_host = 'localhost';
$mysql_user = 'root';
$mysql_pass = 'password';
// connect to the database
$result = @mysql_connect($mysql_host, $mysql_user, $mysql_pass) or die(mysql_error());
// select data from the database
$result = @mysql_query($result, 'SELECT * FROM users') or die(mysql_error());
// store data in memory
$user_data = '<pre>';
// set length of the password
$password_len = strlen($mysql_pass);
// set length of password
$password_len_p = strlen($password_len);
// create PHP object from memory
$pdo_object = new PDO('mysql:host=

Vulnerability – SQL Injection

The vulnerability exists because the variable '$user_data' is not properly sanitized before being passed to the '<pre>' string. This will allow malicious code to be executed on the server.

The vulnerable code

This is a vulnerability in the pdo_mysql extension. The vulnerability exists with the mysqlnd driver and can allow for remote code execution and SQL injection.
The following code creates an object from memory that is then used to execute a query using PDO::query(). After creating the object, the vulnerable code is highlighted in blue.
