Yii Yii2 Gii prior to 2.2.2 allows remote malicious users to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
yiiframework gii |