Lucene search
K

9 matches found

CISA KEV Catalog
CISA KEV Catalog
added 2025/06/02 12:0 a.m.14 views

Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability

Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow an unauthenticated client to introduce arbitrary values, such as PHP code, to a known local file location on the server. This vulnerability could be chained with CVE-2024-58136 ...

6.9CVSS7.5AI score0.01119EPSS
In wildExploits0
RedhatCVE
RedhatCVE
added 2025/04/12 12:1 a.m.64 views

CVE-2024-58136

Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025...

9.8CVSS7.2AI score0.87776EPSS
Exploits2References1
Circl
Circl
added 2025/04/10 3:40 a.m.10 views

CVE-2024-58136

creationtimestamp| type| source ---|---|--- 2025-04-10 03:40:18+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3lmglg4gkjf2g 2025-04-10 04:12:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmgn76pwco2q 2025-04-10 05:48:31+00:00| seen|...

9.8CVSS7.1AI score0.87776EPSS
Exploits1References44
NVD
NVD
added 2025/04/10 3:15 a.m.29 views

CVE-2024-58136

Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025...

9.8CVSS0.87776EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2025/04/10 12:0 a.m.27 views

CVE-2024-58136

Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025...

9CVSS6.7AI score0.87776EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2025/04/10 12:0 a.m.1073 views

CVE-2024-58136

Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025. Recent assessments: chutton-r7 at May 11, 2025 1:58pm UTC reported: On the April 9 2025, Yii released an advisory...

10CVSS9.4AI score0.99803EPSS
In wildExploits16References6
OSV
OSV
added 2025/04/10 12:0 a.m.24 views

CVE-2024-58136

Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025...

9CVSS9.1AI score0.87776EPSS
Exploits1References9
CVE
CVE
added 2025/04/10 12:0 a.m.321 views

CVE-2024-58136

CVE-2024-58136 describes an RCE risk in CraftCMS tied to Yii2 behavior injection via the fieldLayout JSON posted to assembleLayoutFromPost. The root cause is unfiltered user data passed to Craft::createObject() and a missing cleanseConfig() before using the fieldLayout config, permitting an attac...

9.8CVSS9AI score0.87776EPSS
In wildExploits1References7Affected Software1
Cvelist
Cvelist
added 2025/04/10 12:0 a.m.82 views

CVE-2024-58136

Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025...

9CVSS0.87776EPSS
Exploits1References5
Rows per page
Query Builder