📦 Yii

This CVE describes a security regression in Yii 2 framework where improper handling of behavior attachment via __class array keys can lead to remote code execution. This affects Yii 2 applications run...

This vulnerability in Yii2's Component class allows attackers to instantiate arbitrary classes and call their methods by manipulating behavior assignments. Any application using Yii2 version 2.0.48 is...

This SQL injection vulnerability in Yii Framework 2 allows remote attackers to execute arbitrary SQL commands through the runAction function, potentially leading to data theft, modification, or comple...

CVE-2021-3689 is a vulnerability in Yii2 PHP framework where predictable algorithms in random number generation could allow attackers to guess generated values like CSRF tokens or session IDs. This af...

This critical vulnerability in Yii2 PHP framework allows remote attackers to execute arbitrary code through insecure deserialization in the phpunit mock object generator. It affects all Yii2 applicati...

This is a Cross-site Scripting (XSS) vulnerability in Yii 2 PHP framework that allows attackers to execute arbitrary JavaScript in victim browsers. It affects Yii 2 applications using the default erro...