Vulnerabilities > Yiiframework > YII
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-21 | CVE-2018-8073 | Code Injection vulnerability in Yiiframework YII Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension. | 9.8 |
| 2018-03-21 | CVE-2018-7269 | SQL Injection vulnerability in Yiiframework YII The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input. | 9.8 |
| 2017-07-21 | CVE-2017-11516 | Cross-site Scripting vulnerability in Yiiframework YII 2.0.12 An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled. | 6.1 |