Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Yii
(Yiiframework)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-04-10 | CVE-2024-58136 | Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025. | Yii | 9.8 | ||
| 2023-04-04 | CVE-2023-26750 | SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function. NOTE: the software maintainer's position is that the vulnerability is in third-party code, not in the framework. | Yii | 9.8 | ||
| 2020-09-15 | CVE-2020-15148 | Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory. | Yii | 10.0 | ||
| 2021-08-10 | CVE-2021-3689 | yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator | Yii | 7.5 |