Vulnerabilities > Yiiframework > YII > 2.0.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-21 | CVE-2018-8073 | Code Injection vulnerability in Yiiframework YII Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension. | 9.8 |
2018-03-21 | CVE-2018-7269 | SQL Injection vulnerability in Yiiframework YII The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input. | 9.8 |