Vulnerabilities > Yiiframework

DATE CVE VULNERABILITY TITLE RISK
2023-12-22 CVE-2023-50708 Unspecified vulnerability in Yiiframework Yii2-Authclient
yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0.
network
low complexity
yiiframework
critical
9.8
2023-12-22 CVE-2023-50714 Improper Authentication vulnerability in Yiiframework Yii2-Authclient
yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0.
network
low complexity
yiiframework CWE-287
8.8
2023-11-14 CVE-2023-47130 Unspecified vulnerability in Yiiframework YII
Yii is an open source PHP web framework.
network
low complexity
yiiframework
critical
9.8
2023-09-21 CVE-2015-5467 Path Traversal vulnerability in Yiiframework YII
web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameeter.
network
low complexity
yiiframework CWE-22
critical
9.8
2023-07-28 CVE-2022-31454 Cross-site Scripting vulnerability in Yiiframework YII 2.0.45
Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) vulnerability via the endpoint /books.
network
low complexity
yiiframework CWE-79
6.1
2023-04-04 CVE-2023-26750 SQL Injection vulnerability in Yiiframework YII
SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function.
network
low complexity
yiiframework CWE-89
critical
9.8
2023-01-21 CVE-2020-36655 Code Injection vulnerability in Yiiframework GII
Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field.
network
low complexity
yiiframework CWE-94
8.8
2022-12-09 CVE-2022-34297 Cross-site Scripting vulnerability in Yiiframework GII
Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field.
network
low complexity
yiiframework CWE-79
5.4
2022-11-23 CVE-2022-41922 Unspecified vulnerability in Yiiframework YII
`yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input.
network
low complexity
yiiframework
critical
9.8
2021-08-10 CVE-2021-3692 Use of Insufficiently Random Values vulnerability in Yiiframework YII
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
network
low complexity
yiiframework CWE-330
5.3