Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-47130 | 1 Yiiframework | 1 Yii | 2023-11-20 | N/A | 9.8 CRITICAL |
| Yii is an open source PHP web framework. yiisoft/yii before version 1.1.29 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. An attacker may leverage this vulnerability to compromise the host system. A fix has been developed for the 1.1.29 release. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2020-15148 | 1 Yiiframework | 1 Yii | 2020-09-22 | 7.5 HIGH | 10.0 CRITICAL |
| Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory. | |||||
| CVE-2018-7269 | 1 Yiiframework | 1 Yii | 2018-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input. | |||||
| CVE-2018-8073 | 1 Yiiframework | 1 Yii | 2018-04-17 | 7.5 HIGH | 9.8 CRITICAL |
| Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension. | |||||