Vulnerabilities > Yiiframework > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-22 | CVE-2023-50714 | Improper Authentication vulnerability in Yiiframework Yii2-Authclient: yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. | 8.8 |
2023-01-21 | CVE-2020-36655 | Code Injection vulnerability in Yiiframework GII: Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. | 8.8 |
2020-09-15 | CVE-2020-15148 | Deserialization of Untrusted Data vulnerability in Yiiframework YII: Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. | 7.5 |
2018-03-21 | CVE-2018-8073 | Code Injection vulnerability in Yiiframework YII: Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension. | 7.5 |
2018-03-21 | CVE-2018-7269 | SQL Injection vulnerability in Yiiframework YII: The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input. | 7.5 |
2014-07-03 | CVE-2014-4672 | Code Injection vulnerability in Yiiframework 1.1.14: The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property. | 7.5 |