5 matches found
Admidio 信息泄露漏洞
Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a vulnerability involving information leakage. This...
GHSA-M2P5-FWP2-QCW2 Yii Framework Code Injection
Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension...
Yii Framework Code Injection
Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension...
Design/Logic Flaw
Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension...
CVE-2018-8074
The CVE-2018-8074 entry affects Yii 2.x before 2.0.15. The vulnerability is in framework/db/ActiveRecord.php (findByCondition) where remote attackers can inject unintended SQL conditions via findOne()/findAll(), often in conjunction with the Elasticsearch extension. This is a SQL injection in the...