Lucene search

[email protected]NVD:CVE-2023-26750

HistoryApr 04, 2023 - 3:15 p.m.

CVE-2023-26750

2023-04-0415:15:08

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

yii framework

remote code execution

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

73.6%

JSON

SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function. NOTE: the software maintainer’s position is that the vulnerability is in third-party code, not in the framework.

Affected configurations

Nvd

Node

yiiframeworkyiiRange2.0.0–2.0.47

VendorProductVersionCPE
yiiframeworkyii*cpe:2.3:a:yiiframework:yii:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
yiiframework	yii	*	cpe:2.3:a:yiiframework:yii::::::::

References

github.com/yiisoft/yii2/issues/19755

github.com/yiisoft/yii2/issues/19755#issuecomment-1426155955

github.com/yiisoft/yii2/issues/19755#issuecomment-1505390813

github.com/yiisoft/yii2/issues/19755#issuecomment-1505560351

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

73.6%

JSON

Related for NVD:CVE-2023-26750

github1 cvelist1 prion1 cve1 osv1