6 matches found
Command injection in yiisoft/yii2-gii
Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file...
GHSA-3MPG-Q26J-83J5 Command injection in yiisoft/yii2-gii
Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file...
CVE-2020-36655
Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file...
Cross-site Scripting (XSS)
yiisoft/yii2-gii is vulnerable to cross-site scripting. The vulnerability exists in the rules function of Generator.php due to a lack of proper validation rules for enableI18N and messageCategory which allows an attacker to inject and execute malicious JavaScript...
GHSA-VV7Q-MFPC-QGM5 Unserialized Pop Chain in Laravel
Withdrawn: This advisory has been withdrawn because it is not a security issue and the CVE has been revoked. Original Description: Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution (RCE) via an unserialized pop chain in __destruct in...
CVE-2020-10454
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/sitemap-generator.php by adding a question mark (?) followed by the payload...