Show filters
3 Total Results
Displaying 1-3 of 3
Sort by:
Attacker Value
Unknown

CVE-2020-36655

Disclosure Date: January 21, 2023 (last updated October 08, 2023)
Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-34297

Disclosure Date: December 09, 2022 (last updated February 24, 2025)
Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2006-2148

Disclosure Date: May 02, 2006 (last updated October 04, 2023)
Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) before 0.5.8 might allow remote attackers to execute arbitrary code via (1) cookies or (2) the query string.
0
0