4 matches found
The vulnerability of the yiisoft/yii2-redis framework in Yii, which allows attackers to expose protected information.
The vulnerability of the yiisoft/yii2-redis framework in Yii is related to the exposure of information through registration files. Exploiting this vulnerability allows a malicious actor to disclose protected information through the AUTH parameter...
Sensitive Information Disclosure
yiisoft/yii2-redis is vulnerable to Sensitive Information Disclosure. The vulnerability is due to information disclosure due to authentication credentials username and password being logged in plain text during failed connection attempts...
yii2-redis 日志信息泄露漏洞
yii2-redis is an extension to yii open source. A log information disclosure vulnerability exists in yii2-redis versions prior to 2.0.20, which stems from the explicit logging of the AUTH parameter in the logs, which could lead to credential disclosure...
yii2-redis Potential Remote code execution
Potential remote code execution in LUA context of the redis server via methods yii\redis\ActiveRecord::findOne and yii\redis\ActiveRecord::findAll in yiisoft/yii2-redis. Attackers could probably manipulate data on the redis server...