CVE-2022-31626
HIGH
PHP <7.4.30, <8.0.20, and <8.1.7 - Code Execution via pdo_mysql Buffer Overflow
Title source: manual
Exploitation Summary
EIP tracks 1 public exploit for CVE-2022-31626. PoCs published by amitlttwo.
AI-analyzed exploit summary
This PoC exploits a buffer overflow in PHP's pdo_mysql extension (CVE-2022-31626) by sending a crafted POST request with an excessively long password, leading to remote code execution. The exploit includes heap manipulation and memory leak techniques to achieve reliability.
Description
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when the pdo_mysql extension is used with the mysqlnd driver and a third party is allowed to supply the host to connect to and the password for the connection, a password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.
Exploits (1)
References (7)
Scores
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H