Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
yiiframework yii vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-5467
web\ViewAction in Yii (aka Yii2) 2.x prior to 2.0.5 allows malicious users to execute any local .php file via a relative path in the view parameeter.
Yiiframework Yii
NA
CVE-2022-41922
`yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27.
Yiiframework Yii
7.5
CVSSv2
CVE-2020-15148
Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory.
Yiiframework Yii
3 Github repositories
5
CVSSv2
CVE-2021-3689
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
Yiiframework Yii
5
CVSSv2
CVE-2021-3692
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
Yiiframework Yii
7.5
CVSSv2
CVE-2018-8073
Yii 2.x prior to 2.0.15 allows remote malicious users to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension.
Yiiframework Yii
NA
CVE-2023-47130
Yii is an open source PHP web framework. yiisoft/yii before version 1.1.29 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. An attacker may leverage this vulnerability to compromise the host system. A fix has been dev...
Yiiframework Yii
6.8
CVSSv2
CVE-2018-8074
Yii 2.x prior to 2.0.15 allows remote malicious users to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension.
Yiiframework Yii
NA
CVE-2023-26750
SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote malicious user to execute arbitrary code via the runAction function. NOTE: the software maintainer's position is that the vulnerability is in third-party code, not in the f...
Yiiframework Yii
7.5
CVSSv2
CVE-2018-7269
The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x prior to 2.0.15 allows remote malicious users to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input.
Yiiframework Yii
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »