5 matches found
CVE-2024-58136
Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025.
CVE-2020-15148
Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls unserialize() on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory.
CVE-2023-47130
Yii is an open source PHP web framework. yiisoft/yii before version 1.1.29 is vulnerable to Remote Code Execution (RCE) if the application calls unserialize() on arbitrary user input. An attacker may leverage this vulnerability to compromise the host system. A fix has been developed for the 1.1.29...
CVE-2022-41922
yiisoft/yii before version 1.1.27 is vulnerable to Remote Code Execution (RCE) if the application calls unserialize() on arbitrary user input. This has been patched in 1.1.27.
CVE-2018-8073
Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary Lua code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension.