Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
yiiframework yii vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-15148
Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory.
Yiiframework Yii
3 Github repositories
7.5
CVSSv2
CVE-2018-7269
The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x prior to 2.0.15 allows remote malicious users to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input.
Yiiframework Yii
1 Github repository
7.5
CVSSv2
CVE-2018-8073
Yii 2.x prior to 2.0.15 allows remote malicious users to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension.
Yiiframework Yii
7.5
CVSSv2
CVE-2014-4672
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote malicious users to execute arbitrary PHP scripts via vectors related to the value property.
Yiiframework Yiiframework 1.1.14
6.8
CVSSv2
CVE-2018-8074
Yii 2.x prior to 2.0.15 allows remote malicious users to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension.
Yiiframework Yii
6.8
CVSSv2
CVE-2018-6009
In Yii Framework 2.x prior to 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity.
Yiiframework Yiiframework 2.0.0
Yiiframework Yiiframework 2.0.2
Yiiframework Yiiframework 2.0.7
Yiiframework Yiiframework 2.0.9
Yiiframework Yiiframework 2.0.13.1
Yiiframework Yiiframework 2.0.11
Yiiframework Yiiframework 2.0.11.1
Yiiframework Yiiframework 2.0.11.2
Yiiframework Yiiframework 2.0.12
Yiiframework Yiiframework 2.0.3
Yiiframework Yiiframework 2.0.4
Yiiframework Yiiframework 2.0.5
Yiiframework Yiiframework 2.0.6
Yiiframework Yiiframework 2.0.1
Yiiframework Yiiframework 2.0.8
Yiiframework Yiiframework 2.0.10
Yiiframework Yiiframework 2.0.13
5
CVSSv2
CVE-2021-3692
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
Yiiframework Yii
5
CVSSv2
CVE-2021-3689
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
Yiiframework Yii
5
CVSSv2
CVE-2018-6010
In Yii Framework 2.x prior to 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/except...
Yiiframework Yiiframework 2.0.0
Yiiframework Yiiframework 2.0.4
Yiiframework Yiiframework 2.0.6
Yiiframework Yiiframework 2.0.11
Yiiframework Yiiframework 2.0.11.2
Yiiframework Yiiframework 2.0.7
Yiiframework Yiiframework 2.0.8
Yiiframework Yiiframework 2.0.9
Yiiframework Yiiframework 2.0.10
Yiiframework Yiiframework 2.0.1
Yiiframework Yiiframework 2.0.2
Yiiframework Yiiframework 2.0.13
Yiiframework Yiiframework 2.0.13.1
Yiiframework Yiiframework 2.0.3
Yiiframework Yiiframework 2.0.5
Yiiframework Yiiframework 2.0.11.1
Yiiframework Yiiframework 2.0.12
4.3
CVSSv2
CVE-2018-20745
Yii 2.x up to and including 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.
Yiiframework Yii
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »