11 matches found
EUVD-2022-2388
Malicious code in bioql PyPI...
EUVD-2022-4471
Malicious code in bioql PyPI...
Yii Framework Code Injection
Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension...
GHSA-M2P5-FWP2-QCW2 Yii Framework Code Injection
Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension...
Design/Logic Flaw
Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension...
Design/Logic Flaw
Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension...
CVE-2018-7269
The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne or findAll call, unless a developer recognizes an undocumented need to sanitize array input...
CVE-2018-7269
The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne or findAll call, unless a developer recognizes an undocumented need to sanitize array input...
CVE-2018-8073
Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension...
CVE-2018-7269
CVE-2018-7269 affects Yii 2.x prior to 2.0.15, where the findByCondition path in framework/db/ActiveRecord.php can be exploited to perform SQL injections via findOne() or findAll() when input arrays are not sanitized. The vulnerability is tied to the findByCondition function and enables remote at...
CVE-2018-7269
The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne or findAll call, unless a developer recognizes an undocumented need to sanitize array input...