yiiframework yii vulnerabilities and exploits
668
VMScore
CVE-2020-15148
Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory.
Yiiframework Yii
3 GitHub repositories
668
VMScore
CVE-2018-7269
The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x prior to 2.0.15 allows remote malicious users to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input.
Yiiframework Yii
1 GitHub repository
668
VMScore
CVE-2018-8073
Yii 2.x prior to 2.0.15 allows remote malicious users to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension.
Yiiframework Yii
668
VMScore
CVE-2014-4672
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote malicious users to execute arbitrary PHP scripts via vectors related to the value property.
Yiiframework Yiiframework 1.1.14
605
VMScore
CVE-2018-8074
Yii 2.x prior to 2.0.15 allows remote malicious users to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension.
Yiiframework Yii
605
VMScore
CVE-2018-6009
In Yii Framework 2.x prior to 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity.
Yiiframework Yiiframework 2.0.0
Yiiframework Yiiframework 2.0.2
Yiiframework Yiiframework 2.0.7
Yiiframework Yiiframework 2.0.9
Yiiframework Yiiframework 2.0.13.1
Yiiframework Yiiframework 2.0.11
Yiiframework Yiiframework 2.0.11.1
Yiiframework Yiiframework 2.0.11.2
Yiiframework Yiiframework 2.0.12
Yiiframework Yiiframework 2.0.3
Yiiframework Yiiframework 2.0.4
Yiiframework Yiiframework 2.0.5
Yiiframework Yiiframework 2.0.6
Yiiframework Yiiframework 2.0.1
Yiiframework Yiiframework 2.0.8
Yiiframework Yiiframework 2.0.10
Yiiframework Yiiframework 2.0.13
445
VMScore
CVE-2021-3692
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
Yiiframework Yii
445
VMScore
CVE-2021-3689
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
Yiiframework Yii
445
VMScore
CVE-2018-6010
In Yii Framework 2.x prior to 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/except...
Yiiframework Yiiframework 2.0.0
Yiiframework Yiiframework 2.0.4
Yiiframework Yiiframework 2.0.6
Yiiframework Yiiframework 2.0.11
Yiiframework Yiiframework 2.0.11.2
Yiiframework Yiiframework 2.0.7
Yiiframework Yiiframework 2.0.8
Yiiframework Yiiframework 2.0.9
Yiiframework Yiiframework 2.0.10
Yiiframework Yiiframework 2.0.1
Yiiframework Yiiframework 2.0.2
Yiiframework Yiiframework 2.0.13
Yiiframework Yiiframework 2.0.13.1
Yiiframework Yiiframework 2.0.3
Yiiframework Yiiframework 2.0.5
Yiiframework Yiiframework 2.0.11.1
Yiiframework Yiiframework 2.0.12
383
VMScore
CVE-2018-20745
Yii 2.x up to and including 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.
Yiiframework Yii