30 Total Results
Displaying 11-20 of 30
Attacker Value
Unknown
CVE-2022-41922
Disclosure Date: November 23, 2022 (last updated October 08, 2023)
Versions of `yiisoft/yii` before 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27.
0
Attacker Value
Unknown
CVE-2022-3771
Disclosure Date: October 31, 2022 (last updated November 08, 2023)
A vulnerability, which was classified as critical, has been found in easyii CMS. This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The identifier VDB-212501 was assigned to this vulnerability.
0
Attacker Value
Unknown
CVE-2020-36534
Disclosure Date: June 07, 2022 (last updated February 23, 2025)
A vulnerability was found in easyii CMS. It has been classified as problematic. Affected is an unknown function of the file /admin/sign/out. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
0
Attacker Value
Unknown
CVE-2022-1544
Disclosure Date: May 01, 2022 (last updated February 23, 2025)
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-side command injection, code execution, or remote exfiltration of contained confidential data.
0
Attacker Value
Unknown
CVE-2021-3692
Disclosure Date: August 10, 2021 (last updated February 23, 2025)
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator.
0
Attacker Value
Unknown
CVE-2021-3689
Disclosure Date: August 10, 2021 (last updated February 23, 2025)
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator.
0
Attacker Value
Unknown
CVE-2020-15148
Disclosure Date: September 15, 2020 (last updated February 22, 2025)
Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory.
0
Attacker Value
Unknown
CVE-2018-10704
Disclosure Date: March 12, 2020 (last updated February 21, 2025)
yidashi yii2cmf 2.0 has XSS via the /search q parameter.
0
Attacker Value
Unknown
CVE-2019-16130
Disclosure Date: September 09, 2019 (last updated November 27, 2024)
YII2-CMS v1.0 has XSS in `protected\core\modules\home\models\Contact.php` via a name field to /contact.html.
0
Attacker Value
Unknown
CVE-2018-20745
Disclosure Date: January 28, 2019 (last updated November 27, 2024)
Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.
0