PT-2010-3494 · Php · Php

Published: 2010-05-07 · Updated: 2010-05-11 · CVE-2010-1868

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PHP versions 5.2 through 5.2.13
PHP versions 5.3 through 5.3.2

Description

The issue allows context-dependent attackers to execute arbitrary code by calling certain functions with an empty SQL query, which triggers access to uninitialized memory. The affected functions are sqlite_single_query and sqlite_array_query in the ext/sqlite/sqlite.c file.

Recommendations

For PHP versions 5.2 through 5.2.13, update to a version outside of this range to resolve the issue.
For PHP versions 5.3 through 5.3.2, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider avoiding the use of empty SQL queries with the sqlite_single_query and sqlite_array_query functions until a patch is available.

Exploit

Fix

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2010-1868

Affected Products

Php