Vulnerabilities > Yiiframework > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-22 | CVE-2023-50708 | Unspecified vulnerability in Yiiframework Yii2-Authclient yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. | 9.8 |
2023-11-14 | CVE-2023-47130 | Deserialization of Untrusted Data vulnerability in Yiiframework YII Yii is an open source PHP web framework. | 9.8 |
2023-09-21 | CVE-2015-5467 | Path Traversal vulnerability in Yiiframework YII web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameeter. | 9.8 |
2023-04-04 | CVE-2023-26750 | SQL Injection vulnerability in Yiiframework YII SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function. | 9.8 |
2022-11-23 | CVE-2022-41922 | Deserialization of Untrusted Data vulnerability in Yiiframework YII `yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. | 9.8 |