Vulnerabilities > Yiiframework

DATE	CVE	VULNERABILITY TITLE	RISK
2025-03-24	CVE-2025-2690	Deserialization of Untrusted Data vulnerability in Yiiframework YII A vulnerability, which was classified as critical, was found in yiisoft Yii2 up to 2.0.39. network low complexity yiiframework CWE-502 critical	9.8
2025-03-24	CVE-2025-2689	Deserialization of Untrusted Data vulnerability in Yiiframework YII A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. network low complexity yiiframework CWE-502 critical	9.8
2023-12-22	CVE-2023-50708	Unspecified vulnerability in Yiiframework Yii2-Authclient yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. network low complexity yiiframework critical	9.8
2023-12-22	CVE-2023-50714	Improper Authentication vulnerability in Yiiframework Yii2-Authclient yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. network low complexity yiiframework CWE-287	8.8
2023-11-14	CVE-2023-47130	Unspecified vulnerability in Yiiframework YII Yii is an open source PHP web framework. network low complexity yiiframework critical	9.8
2023-09-21	CVE-2015-5467	Path Traversal vulnerability in Yiiframework YII web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameeter. network low complexity yiiframework CWE-22 critical	9.8
2023-07-28	CVE-2022-31454	Cross-site Scripting vulnerability in Yiiframework YII 2.0.45 Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) vulnerability via the endpoint /books. network low complexity yiiframework CWE-79	6.1
2023-04-04	CVE-2023-26750	SQL Injection vulnerability in Yiiframework YII SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function. network low complexity yiiframework CWE-89 critical	9.8
2023-01-21	CVE-2020-36655	Code Injection vulnerability in Yiiframework GII Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. network low complexity yiiframework CWE-94	8.8
2022-12-09	CVE-2022-34297	Cross-site Scripting vulnerability in Yiiframework GII Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field. network low complexity yiiframework CWE-79	5.4

Vulnerabilities > Yiiframework {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Yiiframework"}]}

Vulnerabilities > Yiiframework