Arbitrary Code Execution
yiisoft/yii2 is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper validation in the set magic function when attaching behaviors to components, allowing instantiation of arbitrary classes if attacker-controlled input is provided...