Yiiframework: >> Yii >> 2.0.47 Security Vulnerabilities
CVE-2024-58136
Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025.
Known exploited
CVSS Score
9.0
EPSS Score
0.359
Published
2025-04-10
SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function. NOTE: the software maintainer's position is that the vulnerability is in third-party code, not in the framework.
CVSS Score
9.8
EPSS Score
0.077
Published
2023-04-04