CVE-2010-1868

PHP 5.2-5.2.13 and 5.3-5.3.2 - Remote Code Execution via sqlite_single_query and sqlite_array_query

Title source: llm

Description

The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory.

References (3)

Core 3

Core References

Various Sources x_refsource_misc

http://php-security.org/2010/05/07/mops-2010-012-php-sqlite_single_query-uninitialized-memory-usage-vulnerability/index.html

Exploit x_refsource_misc

http://php-security.org/2010/05/07/mops-submission-03-sqlite_single_query-sqlite_array_query-uninitialized-memory-usage/index.html

Various Sources x_refsource_misc

http://php-security.org/2010/05/07/mops-2010-013-php-sqlite_array_query-uninitialized-memory-usage-vulnerability/index.html

Scores

EPSS 0.0104

EPSS Percentile 77.7%

Details

CWE

CWE-94

Status published

Products (16)

php/php 5.2.0

php/php 5.2.1

php/php 5.2.2

php/php 5.2.3

php/php 5.2.4

php/php 5.2.5

php/php 5.2.6

php/php 5.2.8

php/php 5.2.9

php/php 5.2.10

... and 6 more

Published May 07, 2010

Tracked Since Feb 18, 2026