Identifier | Related Record | Severity | Date Published | Description | Versions Affected |
---|---|---|---|---|---|
CVE-2024-58136 | | Critical | Apr 10, 2025 | Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an `__class` array key, a CVE-2024-4990 regression, as exploited in the wild... | 1.1.31, 1.1.30, 2.0.51, 2.0.49.4, 2.0.50, 1.1.29, 2.0.49.3, 2.0.49.2, 2.0.49.1, 2.0.49 |
CVE-2020-15148 | BDSA-2020-2411 | Critical | Sep 15, 2020 | Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. Thi... | 1.1.31, 1.1.30, 1.1.29, 1.1.28, 1.1.27, 1.1.26, 1.1.25, 1.1.24, 1.1.23, 2.0.37 |
CVE-2018-8073 | | Critical | Mar 21, 2018 | Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack in conjunction with the Redis ext... | 1.1.31, 1.1.30, 1.1.29, 1.1.28, 1.1.27, 1.1.26, 1.1.25, 1.1.24, 1.1.23, 1.1.22 |
CVE-2015-3397 | | | May 14, 2015 | Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via vectors relat... | 1.1.31, 1.1.30, 1.1.29, 1.1.28, 1.1.27, 1.1.26, 1.1.25, 1.1.24, 1.1.23, 1.1.22 |
BDSA-2018-4723 | | High | Jan 31, 2019 | An improper input validation vulnerability has been discovered in the Yii Framework. An attacker could exploit this vulnerability by crafting a request... | |