CVE-2020-15148

Published: 15/09/2020 | Updated: 22/09/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory.

Vulnerable Product

yiiframework yii

Vendor Advisories

Check Point Reference: CPAI-2020-4126 | Date Published: 19 Feb 2024 | Severity: Critical ...

GitHub Repositories

cve-2020-15148

CVE-2020-15148-bypasses

Several bypasses for CVE-2020-15148 (Yii2 deserialization)

poc1: This one is exploitable in version 2037 and was fixed in 2038; it is the one that was assigned CVE-2020-15148. The following three are bypasses.

<?php namespace yii\rest{ class CreateAction{ public $checkAccess; public $id; public function __construct(){ $th