5 matches found
EUVD-2022-4471
Malicious code in bioql PyPI...
Yii Framework Code Injection
Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension...
Design/Logic Flaw
Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension...
CVE-2018-8074
Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension...
CVE-2018-8074
The CVE-2018-8074 entry affects Yii 2.x before 2.0.15. The vulnerability is in framework/db/ActiveRecord.php (findByCondition) where remote attackers can inject unintended SQL conditions via findOne()/findAll(), often in conjunction with the Elasticsearch extension. This is a SQL injection in the...