Vulnerability Details CVE-2022-41922
`yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.023
EPSS Ranking 84.1%
CVSS Severity
CVSS v3 Score 8.1
References
Products affected by CVE-2022-41922
-
cpe:2.3:a:yiiframework:yii:*