Description
Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite without this vulnerability. The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API.
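A bounds-checked decoder showing how the empty-input case described above can be rejected. This is an added example, not the SQLite or PHP source: the function name `decode_binary_checked`, the `out_cap` parameter and the encoding layout (a non-zero offset byte followed by data bytes, with `0x01` as an escape) are assumptions modelled on SQLite 2's binary encoding.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical hardened decoder (not the SQLite or PHP source).
 * Assumed format: byte 0 is a non-zero offset e; each later byte c
 * decodes to c + e, except that 0x01 escapes the next byte n, which
 * decodes to (n - 1) + e. The input is NUL-terminated.
 * Returns the decoded length, or -1 on malformed input or when the
 * output would exceed out_cap. */
long decode_binary_checked(const unsigned char *in, unsigned char *out,
                           size_t out_cap)
{
    size_t n = 0;
    unsigned char e, c;

    if (in == NULL || out == NULL)
        return -1;

    e = *in++;
    if (e == 0)            /* empty value: the byte just read was the   */
        return -1;         /* terminator, so nothing after it is ours   */

    while ((c = *in++) != 0) {
        if (c == 1) {
            c = *in++;
            if (c == 0)    /* escape followed by terminator: truncated  */
                return -1;
            c = (unsigned char)(c - 1);
        }
        if (n >= out_cap)  /* never write past the caller's buffer      */
            return -1;
        out[n++] = (unsigned char)(c + e);
    }
    return (long)n;
}

int main(void)
{
    /* Constructed sample inputs */
    const unsigned char sample[] = {0x10, 0x20, 0x01, 0x01, 0x00};
    unsigned char out[8];

    printf("empty  -> %ld\n",
           decode_binary_checked((const unsigned char *)"", out, sizeof out));
    printf("sample -> %ld\n", decode_binary_checked(sample, out, sizeof out));
    return 0;
}
```

Callers that cannot change the decoder can apply the same two checks before calling it: reject a zero-length encoded value, and size the output buffer from the encoded length.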
Remediation
References