Attacker Value
Unknown

CVE-2022-41922

Disclosure Date: November 23, 2022 (last updated October 08, 2023)
Versions of `yiisoft/yii` before 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27.
Attacker Value
Unknown

CVE-2022-3771

Disclosure Date: October 31, 2022 (last updated November 08, 2023)
A vulnerability, which was classified as critical, has been found in easyii CMS. This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The identifier VDB-212501 was assigned to this vulnerability.
Attacker Value
Unknown

CVE-2020-36534

Disclosure Date: June 07, 2022 (last updated February 23, 2025)
A vulnerability was found in easyii CMS. It has been classified as problematic. Affected is an unknown function of the file /admin/sign/out. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Attacker Value
Unknown

CVE-2022-1544

Disclosure Date: May 01, 2022 (last updated February 23, 2025)
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-side command injection, code execution, or remote exfiltration of contained confidential data.
Attacker Value
Unknown

CVE-2021-3692

Disclosure Date: August 10, 2021 (last updated February 23, 2025)
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator.
Attacker Value
Unknown

CVE-2021-3689

Disclosure Date: August 10, 2021 (last updated February 23, 2025)
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator.
Attacker Value
Unknown

CVE-2020-15148

Disclosure Date: September 15, 2020 (last updated February 22, 2025)
Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory.
Attacker Value
Unknown

CVE-2018-10704

Disclosure Date: March 12, 2020 (last updated February 21, 2025)
yidashi yii2cmf 2.0 has XSS via the /search q parameter.
Attacker Value
Unknown

CVE-2019-16130

Disclosure Date: September 09, 2019 (last updated November 27, 2024)
YII2-CMS v1.0 has XSS in protected\core\modules\home\models\Contact.php via a name field to /contact.html.
Attacker Value
Unknown

CVE-2018-20745

Disclosure Date: January 28, 2019 (last updated November 27, 2024)
Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.