3 matches found
CVE-2018-8074
Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension...
CVE-2018-8074
Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension...
CVE-2018-8074
The CVE-2018-8074 entry affects Yii 2.x before 2.0.15. The vulnerability is in framework/db/ActiveRecord.php (findByCondition) where remote attackers can inject unintended SQL conditions via findOne()/findAll(), often in conjunction with the Elasticsearch extension. This is a SQL injection in the...