yiisoft/yii is vulnerable to remote code execution. The vulnerability exists in the __wakeup
function of CDbCriteria.php
, due to improper deserialization of untrusted user input, which allows the attacker to control the state or the flow of execution.
CPE | Name | Operator | Version |
---|---|---|---|
yiisoft/yii | le | 1.1.26 | |
yiisoft/yii | le | 1.1.26 |