Описание
Yii SQL injection vulnerability
The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input.
Пакеты
Наименование
yiisoft/yii2-dev
composer
Затронутые версииВерсия исправления
< 2.0.12.1
2.0.12.1
Наименование
yiisoft/yii2-dev
composer
Затронутые версииВерсия исправления
>= 2.0.13, < 2.0.13.2
2.0.13.2
Наименование
yiisoft/yii2-dev
composer
Затронутые версииВерсия исправления
>= 2.0.14, < 2.0.15
2.0.15
Связанные уязвимости
CVSS3: 9.8
nvd
почти 8 лет назад
The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input.
CVSS3: 9.8
debian
почти 8 лет назад
The findByCondition function in framework/db/ActiveRecord.php in Yii 2 ...