Lucene search
K

6 matches found

CNNVD
CNNVD
added 2026/05/20 12:0 a.m.13 views

Yii 输入验证错误漏洞

Yii is a high-performance PHP framework developed by the YII team. It is designed for developing large-scale web applications using components. Yii 2 versions 2.0.54 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from a logical flaw in the cor...

7.4CVSS6.4AI score0.00442EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:58 a.m.10 views

CVE-2023-47130

Yii is an open source PHP web framework. yiisoft/yii before version 1.1.29 are vulnerable to Remote Code Execution RCE if the application calls unserialize on arbitrary user input. An attacker may leverage this vulnerability to compromise the host system. A fix has been developed for the 1.1.29...

9.8CVSS7.5AI score0.03147EPSS
Exploits0References1
CISA KEV Catalog
CISA KEV Catalog
added 2025/05/02 12:0 a.m.77 views

Yiiframework Yii Improper Protection of Alternate Path Vulnerability

Yii Framework contains an improper protection of alternate path vulnerability that may allow a remote attacker to execute arbitrary code. This vulnerability could affect other products that implement Yii, including—but not limited to—Craft CMS, as represented by CVE-2025-32432...

10CVSS7.6AI score0.99803EPSS
In wildExploits15
CNNVD
CNNVD
added 2025/03/24 12:0 a.m.6 views

Yii2 代码问题漏洞

Yii2 is a fast, secure and professional PHP framework from Yii Open Source. A code issue vulnerability exists in Yii2 2.0.45 and earlier versions, which stems from a deserialization issue and could lead to remote attacks...

9.8CVSS6.5AI score0.00556EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/07/25 12:0 a.m.5 views

PT-2025-15893

Name of the Vulnerable Software and Affected Versions Yii 2 versions prior to 2.0.52 Description The issue arises from the mishandling of behavior attachment, specifically when behaviors are defined by a class array key. This has been exploited in the wild, with approximately 13,000 vulnerable...

10CVSS8.5AI score0.87776EPSS
Exploits1References62
BDU FSTEC
BDU FSTEC
added 2023/02/20 12:0 a.m.7 views

The vulnerability of the PHP framework Yii, related to the restoration of unreliable data structures in memory, allows attackers to execute arbitrary code.

The vulnerability of the PHP framework Yii is related to the restoration of unreliable data structures in memory. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

10CVSS7.9AI score0.01461EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder