6 matches found
GHSA-3MPG-Q26J-83J5 Command injection in yiisoft/yii2-gii
Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file...
Command injection in yiisoft/yii2-gii
Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file...
CVE-2020-36655
Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file...
Cross-site Scripting (XSS)
yiisoft/yii2-gii is vulnerable to cross-site scripting. The vulnerability exists in the rules function of Generator.php due to a lack of proper validation rules for enableI18N and messageCategory which allows an attacker to inject and execute malicious JavaScript...
GHSA-VV7Q-MFPC-QGM5 Unserialized Pop Chain in Laravel
Withdrawn: This advisory has been withdrawn because it is not a security issue and the CVE has been revoked. Original Description: Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution (RCE) via an unserialized pop chain in __destruct in...
CVE-2020-10454
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/sitemap-generator.php by adding a question mark (?) followed by the payload...