SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function. NOTE: the software maintainer's position is that the vulnerability is in third-party code, not in the framework.
References
Configurations
History
07 Nov 2023, 04:09
Type | Values Removed | Values Added |
---|---|---|
Summary | SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function. NOTE: the software maintainer's position is that the vulnerability is in third-party code, not in the framework. |
14 Apr 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Apr 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Apr 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | ** DISPUTED ** SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function. NOTE: the software maintainer's position is that the vulnerability is in third-party code, not in the framework. |
10 Apr 2023, 19:03
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:yiiframework:yii:*:*:*:*:*:*:*:* | |
First Time |
Yiiframework yii
Yiiframework |
|
References | (MISC) https://github.com/yiisoft/yii2/issues/19755 - Exploit, Issue Tracking | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-89 |
04 Apr 2023, 17:40
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-04 15:15
Updated : 2024-05-17 02:21
NVD link : CVE-2023-26750
Mitre link : CVE-2023-26750
CVE.ORG link : CVE-2023-26750
JSON object : View
Products Affected
yiiframework
- yii
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')