Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
yiiframework yii vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-7269
The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x prior to 2.0.15 allows remote malicious users to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input.
Yiiframework Yii
1 Github repository
10
CVSSv3
CVE-2020-15148
Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory.
Yiiframework Yii
3 Github repositories
7.5
CVSSv3
CVE-2021-3689
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
Yiiframework Yii
9.8
CVSSv3
CVE-2023-26750
SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote malicious user to execute arbitrary code via the runAction function. NOTE: the software maintainer's position is that the vulnerability is in third-party code, not in the f...
Yiiframework Yii
9.8
CVSSv3
CVE-2023-47130
Yii is an open source PHP web framework. yiisoft/yii before version 1.1.29 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. An attacker may leverage this vulnerability to compromise the host system. A fix has been dev...
Yiiframework Yii
9.8
CVSSv3
CVE-2022-41922
`yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27.
Yiiframework Yii
5.9
CVSSv3
CVE-2018-20745
Yii 2.x up to and including 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.
Yiiframework Yii
5.3
CVSSv3
CVE-2021-3692
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
Yiiframework Yii
8.1
CVSSv3
CVE-2018-8074
Yii 2.x prior to 2.0.15 allows remote malicious users to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension.
Yiiframework Yii
9.8
CVSSv3
CVE-2018-8073
Yii 2.x prior to 2.0.15 allows remote malicious users to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension.
Yiiframework Yii
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »