Yiiframework: Security Vulnerabilities
web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameter.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-09-21
Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) vulnerability via the endpoint /books. NOTE: this is disputed by the vendor because the cve-2022-31454-8e8555c31fd3 page does not describe why /books has a relationship to Yii 2.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-07-28
SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows a remote attacker to execute arbitrary code via the runAction function. NOTE: the software maintainer's position is that the vulnerability is in third-party code, not in the framework.
CVSS Score
9.8
EPSS Score
0.077
Published
2023-04-04
Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file.
CVSS Score
8.8
EPSS Score
0.017
Published
2023-01-21
Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-12-09
Versions of `yiisoft/yii` before 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27.
CVSS Score
8.1
EPSS Score
0.038
Published
2022-11-23
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
CVSS Score
8.1
EPSS Score
0.005
Published
2021-08-10
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
CVSS Score
8.1
EPSS Score
0.005
Published
2021-08-10
Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory.
CVSS Score
8.9
EPSS Score
0.931
Published
2020-09-15
Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.
CVSS Score
5.9
EPSS Score
0.001
Published
2019-01-28