CVE-2026-39850

Yii 2 is a PHP application framework. Versions 2.0.54 and prior contain flawed logic in the core view rendering method View::renderPhpFile that leads to Local File Inclusion. The function calls extract$params, EXTROVERWRITE before the require statement that loads the view file. As a result, a...

Yii 输入验证错误漏洞

Yii is a high-performance PHP framework developed by the YII team. It is designed for developing large-scale web applications using components. Yii 2 versions 2.0.54 and earlier contained a vulnerability related to input validation errors. This vulnerability stemmed from a logical flaw in the cor...