PHP’s sqlite_single_query() function will use uninitialized memory if it is used with an empty SQL query. This can lead to arbitrary code execution.
Affected is PHP 5.2 <= 5.2.13
Affected is PHP 5.3 <= 5.3.2
The vulnerability was discovered by Mateusz Kocielski with his Minerva PHP Fuzzer.
For more information see the Vulnerability chapter of the submitted article.
Proof of concept, exploit or instructions to reproduce
For more information see the Exploitation chapter of the submitted article.
It is recommended to fix this vulnerability by using ecalloc() instead of emalloc() to allocate clean memory.