{"vulnerability": "CVE-2022-31626", "sightings": [{"uuid": "d26959d8-d275-4cb1-9abc-c068f4eba237", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31626", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/132", "content": "\ud83d\udca5 We have reproduced CVE-2022-31626, an RCE in PHP <= 7.4.29 which can be triggered via a rogue MySQL/MariaDB server! \n\nIt's a Heap Overflow, works with MySQLi/PDO, and doesn't require LOAD LOCAL INFILE. \n\nThe PoC \ud83d\udc49https://github.com/CFandR-github/PHP-binary-bugs/tree/main/cve_2022_31626_remote_exploit", "creation_timestamp": "2022-06-23T10:22:39.000000Z"}, {"uuid": "1c1d5aa2-6a65-44b5-8eb2-b4ced9f478af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31626", "type": "seen", "source": "https://t.me/dfirclub/67", "content": "\u0631\u0648\u0644 Suricata \u0628\u0631\u0627\u06cc \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc Exploit \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CVE-2022-31626: PHP Windows Remote Code Execution (Unauthenticated)\n\n\ud83d\udc47\ud83d\udc47\ud83d\udc47\ud83d\udc47\ud83d\udc47\ud83d\udc47", "creation_timestamp": "2024-06-15T09:53:43.000000Z"}, {"uuid": "c7cd4f69-2ace-4e07-9338-7995a958f187", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31626", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02", "content": "", "creation_timestamp": "2026-01-27T11:00:00.000000Z"}, {"uuid": "8a3ce6b1-e098-44e9-80fa-9f3e446a7031", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31626", "type": "published-proof-of-concept", "source": "https://t.me/zero_day_uz/182", "content": "\ud83d\udca5 We have reproduced CVE-2022-31626, an RCE in PHP <= 7.4.29 which can be triggered via a rogue MySQL/MariaDB server! \n\nIt's a Heap Overflow, works with MySQLi/PDO, and doesn't require LOAD LOCAL INFILE. \n\nThe PoC \ud83d\udc49https://github.com/CFandR-github/PHP-binary-bugs/tree/main/cve_2022_31626_remote_exploit", "creation_timestamp": "2022-06-25T14:45:43.000000Z"}, {"uuid": "d9b69562-b4e9-42cd-b9f3-7aa054a9d7d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31626", "type": "seen", "source": "https://t.me/cibsecurity/44605", "content": "\u203c CVE-2022-31626 \u203c\n\nIn PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-16T12:21:14.000000Z"}, {"uuid": "598c6a44-4358-4fbb-a72c-cd9e7f245b69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31626", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/6326", "content": "#Analytics\nTop 10 Most Used Vulns of the Month (June 1-30)\n\nCVE-2022-30190 - Follina exploit\nCVE-2022-26134 - OGNL injection in Atlassian Confluence Server/Data Center\nCVE-2022-26809 - Weakness in a core Windows 7/10/Srv19/22 component (RPC)\nCVE-2022-30075 - TP-Link AX50 Auth RCE\nCVE-2022-23222 - Linux Kernel eBPF LPE\nCVE-2022-32275 - Grafana 8.4.3 allows reading files\nCVE-2022-26937 - Windows NFS NLM Portmap Stack Buffer Overflow\nCVE-2022-23088 - Heap Overflow in FreeBSD Wi-Fi Stack\nCVE-2022-31626 - RCE in PHP <=7.4.29\nCVE-2022-30333 - Dir Traversal in rar", "creation_timestamp": "2024-10-12T06:49:41.000000Z"}, {"uuid": "5d9aa40d-6c3b-4927-a578-26aa4e7a8e75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31626", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/256", "content": "CVE-2022-31626 & -/-/31625 : PHP , dba , package - remote code execution vulnerability\nhttps://github.com/CFandR-github/PHP-binary-bugs/tree/main/cve_2022_31626_remote_exploit", "creation_timestamp": "2022-06-23T23:53:55.000000Z"}, {"uuid": "d590a3db-ff01-4bca-8ea1-806b82c33ad9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31626", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6269", "content": "#exploit\n1. CVE-2022-21445:\n\"The Miracle Exploit\"\nhttps://peterjson.medium.com/miracle-one-vulnerability-to-rule-them-all-c3aed9edeea2\n\n2. CVE-2022-31626:\nRCE in PHP <=7.4.29\nhttps://github.com/CFandR-github/PHP-binary-bugs/tree/main/cve_2022_31626_remote_exploit", "creation_timestamp": "2022-06-25T12:47:01.000000Z"}]}