16 matches found
EUVD-2024-2024
Malicious code in bioql PyPI...
EUVD-2025-7345
Malicious code in bioql PyPI...
The vulnerability of the yiisoft/yii2-redis framework in Yii, which allows attackers to expose protected information.
The vulnerability of the yiisoft/yii2-redis framework in Yii is related to the exposure of information through registration files. Exploiting this vulnerability allows a malicious actor to disclose protected information through the AUTH parameter...
Deserialization Of Untrusted Data
yiisoft/yii2-dev is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to improper handling in the getIterator function of symfony\finder\Iterator\SortableIterator.php, which allows an attacker to execute arbitrary code remotely...
yiisoft Yii2 Deserialization of Untrusted Data
A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Affected by this issue is the function getIterator of the file symfony\finder\Iterator\SortableIterator.php. The manipulation leads to deserialization. The attack may be launched remotely. The exploit...
CVE-2025-2690 yiisoft Yii2 MockClass.php generate deserialization
A vulnerability, which was classified as critical, was found in yiisoft Yii2 up to 2.0.39. This affects the function Generate of the file phpunit\src\Framework\MockObject\MockClass.php. The manipulation leads to deserialization. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-2690 yiisoft Yii2 MockClass.php generate deserialization
A vulnerability, which was classified as critical, was found in yiisoft Yii2 up to 2.0.39. This affects the function Generate of the file phpunit\src\Framework\MockObject\MockClass.php. The manipulation leads to deserialization. It is possible to initiate the attack remotely. The exploit has been...
CVE-2024-4990 Unsafe Reflection in base Component class in yiisoft/yii2
In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the set magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an attacker to instantiate arbitrary classes, passing parameters to their constructors...
CVE-2024-4990 Unsafe Reflection in base Component class in yiisoft/yii2
In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the set magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an attacker to instantiate arbitrary classes, passing parameters to their constructors...
Cross-Site Scripting (XSS)
yiisoft/yii2 is vulnerable to Cross-site Scripting XSS. The vulnerability is caused by improper handling of quote conversion in the htmlspecialchars function, allowing an attacker to inject malicious attributes though argument values in exception stack traces...
CVE-2024-32877 Reflected Cross-site Scripting in yiisoft/yii2 Debug mode
Yii 2 is a PHP application framework. During internal penetration testing of a product based on Yii2, users discovered a Cross-site Scripting XSS vulnerability within the framework itself. This issue is relevant for the latest version of Yii2 2.0.49.3. This issue lies in the mechanism for...
Use of Insufficiently Random Values in yiisoft/yii2-dev
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator...
Insecure Random Number Generation
yiisoft/yii2 is using insecure random number generation. The vulnerability exists because it uses the function mtrand in CaptchaAction.php which is a predictable Random Number algorithm for random bytes and int generation...
Insecure Random Number Generation
yiisoft/yii2 is using insecure random number generation. The vulnerability exists because it uses the function mtrand in BaseMailer.php which is a predictable Random Number algorithm for random bytes and int generation...
CVE-2021-3689 Use of Predictable Algorithm in Random Number Generator in yiisoft/yii2
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator...
Cross-Site Request Forgery (CSRF)
yiisoft/yii2 is vulnerable to cross-site request forgery CSRF. Request methods are not validated or restricted in \yii\web\Request::getMethod. This allows an attacker to bypass CSRF token checks by downgrading the HTTP request to read methods such as GET, HEAD or OPTIONS...