Vulnerability Details CVE-2018-6010
In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.4%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/yiisoft/yii2/commit/6b0be47e0fa9c532e03b07b4369050582fcf5c7a
- https://github.com/yiisoft/yii2/issues/14711
- https://github.com/yiisoft/yii2/pull/15534
- https://github.com/yiisoft/yii2/commit/6b0be47e0fa9c532e03b07b4369050582fcf5c7a
- https://github.com/yiisoft/yii2/issues/14711
- https://github.com/yiisoft/yii2/pull/15534
Products affected by CVE-2018-6010
-
cpe:2.3:a:yiiframework:yiiframework:2.0.0
-
cpe:2.3:a:yiiframework:yiiframework:2.0.1
-
cpe:2.3:a:yiiframework:yiiframework:2.0.10
-
cpe:2.3:a:yiiframework:yiiframework:2.0.11
-
cpe:2.3:a:yiiframework:yiiframework:2.0.11.1
-
cpe:2.3:a:yiiframework:yiiframework:2.0.11.2
-
cpe:2.3:a:yiiframework:yiiframework:2.0.12
-
cpe:2.3:a:yiiframework:yiiframework:2.0.13
-
cpe:2.3:a:yiiframework:yiiframework:2.0.13.1
-
cpe:2.3:a:yiiframework:yiiframework:2.0.2
-
cpe:2.3:a:yiiframework:yiiframework:2.0.3
-
cpe:2.3:a:yiiframework:yiiframework:2.0.4
-
cpe:2.3:a:yiiframework:yiiframework:2.0.5
-
cpe:2.3:a:yiiframework:yiiframework:2.0.6
-
cpe:2.3:a:yiiframework:yiiframework:2.0.7
-
cpe:2.3:a:yiiframework:yiiframework:2.0.8
-
cpe:2.3:a:yiiframework:yiiframework:2.0.9