
4 matches found

CNNVD
added 2024/06/24 12:0 a.m. | 1 views

Cruddiy Command Injection Vulnerability

Cruddiy is a free no-code PHP Bootstrap CRUD generator by Jan van den Berg, an individual developer. A security vulnerability exists in Cruddiy that stems from vulnerability to shell command injection attacks...

CVSS 8.8 | AI score 7.5 | EPSS 0.01115
Exploits: 0 | References: 5
OSV
added 2022/12/10 12:30 a.m. | 17 views

GHSA-X87M-36G7-6MPW Yii2 Gii Cross-site Scripting vulnerability

Some fields like Message Category requires I18N enabled in Model Generator, CRUD Generator or Form Generator, Author Name in Extension Generator, etc. are being cached without sanitisation of their contents when the Preview button is pressed. This leads to possibility of injecting malicious...

CVSS 5.4 | AI score 5.3 | EPSS 0.00607
Exploits: 1 | References: 4
Github Security Blog
added 2022/12/10 12:30 a.m. | 27 views

Yii2 Gii Cross-site Scripting vulnerability

Some fields like Message Category requires I18N enabled in Model Generator, CRUD Generator or Form Generator, Author Name in Extension Generator, etc. are being cached without sanitisation of their contents when the Preview button is pressed. This leads to possibility of injecting malicious...

CVSS 5.4 | AI score 5.5 | EPSS 0.00607
Exploits: 1 | References: 5 | Affected Software: 1
Positive Technologies
added 2022/12/09 12:0 a.m. | 4 views

PT-2022-22113 · Yii2 Gii · Yii2 Gii

Name of the Vulnerable Software and Affected Versions: Yii2 Gii versions through 2.2.4
Description: The issue allows stored XSS by injecting a payload into any field. Some fields, such as Message Category in Model Generator, CRUD Generator or Form Generator, and Author Name in Extension Generator...

CVSS 5.4 | AI score 5.1 | EPSS 0.00607
Exploits: 1 | References: 8