Vulnerabilities > Yiiframework > YII > 2.0.4

DATE CVE VULNERABILITY TITLE RISK
2018-03-21 CVE-2018-7269 SQL Injection vulnerability in Yiiframework YII
The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input.
network
low complexity
yiiframework CWE-89
critical
 9.8
9.8