CVE-2023-1501
A vulnerability, which was classified as critical, was found in RockOA 2.3.2. This affects the function runAction of the file acloudCosAction.php.SQL. The manipulation of the argument fileid leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclos...
GHSA-GQ63-P39P-JRJF Withdrawn: SQL injection in Yii 2
Withdrawn Advisory: This advisory has been withdrawn because the issue originates from a product built on Yii2, not the Yii2 Framework itself. This link is maintained to preserve external references. Original Description: SQL injection vulnerability found in Yii Framework Yii 2 Framework before...
Yii SQL Injection Vulnerability
Yii is a component-based, high-performance PHP framework developed by the Yii team for building large-scale Web applications. A SQL injection vulnerability exists in Yii 2 Framework v.2.0.47 and earlier. A remote attacker can exploit this vulnerability to execute arbitrary code...
CVE-2023-26750
SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows a remote attacker to execute arbitrary code via the runAction function. NOTE: the software maintainer's position is that the vulnerability is in third-party code, not in the framework...
PT-2023-20778 · Unknown · Yii 2 Framework
Name of the Vulnerable Software and Affected Versions: Yii 2 Framework versions prior to 2.0.47 Description: A SQL injection issue allows a remote attacker to execute arbitrary code via the runAction function. The software maintainer disputes that the vulnerability is in the framework itself,...