A critical vulnerability in PHP’s widely-used PDO (PHP Data Objects) library has been discovered that enables attackers to inject malicious SQL commands even when developers implement prepared statements correctly.
The security flaw, revealed through analysis of a DownUnderCTF capture-the-flag challenge, exploits weaknesses in PDO’s SQL parser and affects millions of web applications worldwide.
https://gbhackers.com/php-pdo-flaw/