2 matches found
CVE-2018-8073
Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension...
CVE-2018-8073
The CVE-2018-8073 entry affects Yii 2.x prior to 2.0.15. Affected component: framework/db/ActiveRecord.php, specifically findByCondition via findOne/findAll, enabling remote SQL injection by manipulating input (undocumented sanitization considerations) and potentially bypassing access checks. Thi...