Yiiframework

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-8074 1Yiiframework 1Yii Nov 21, 2024 Mar 21, 2018 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension.
CVE-2018-8073 1Yiiframework 1Yii Nov 21, 2024 Mar 21, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension.
CVE-2018-7269 1Yiiframework 1Yii Nov 21, 2024 Mar 21, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocume...Show more The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input.Show less
CVE-2018-6010 1Yiiframework 1Yiiframework Nov 21, 2024 Jan 22, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHand...Show more In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php.Show less
CVE-2018-6009 1Yiiframework 1Yiiframework Nov 21, 2024 Jan 22, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity.
CVE-2017-11516 1Yiiframework 1Yii May 13, 2026 Jul 21, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled.
CVE-2015-3397 1Yiiframework 1Yiiframework May 6, 2026 May 14, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6 or 7.
CVE-2014-4672 1Yiiframework 1Yiiframework May 6, 2026 Jul 3, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property.

Previous 12