Description
Yii is an open source PHP web framework. Versions of yiisoft/yii before 1.1.29 are vulnerable to Remote Code Execution (RCE) if the application calls unserialize() on arbitrary user input. An attacker may leverage this vulnerability to compromise the host system. A fix has been developed for the 1.1.29 release. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
- Patch
- Patch
- Third Party Advisory
- Patch
- Patch
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 1.1.29 (exclusive)
cpe:2.3:a:yiiframework:yii:*:*:*:*:*:*:*:*
EPSS
Percentile: 87%
0.03255
Low
8.1 High
CVSS3
9.8 Critical
CVSS3
Weaknesses
CWE-502
Related vulnerabilities
CVSS3: 8.1
debian
about 2 years ago
Yii is an open source PHP web framework. yiisoft/yii before version 1. ...
CVSS3: 8.1
github
about 2 years ago
yiisoft/yii deserializing untrusted user input can lead to remote code execution