Количество 3
Количество 3
CVE-2023-47130
Yii is an open source PHP web framework. yiisoft/yii before version 1.1.29 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. An attacker may leverage this vulnerability to compromise the host system. A fix has been developed for the 1.1.29 release. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-47130
Yii is an open source PHP web framework. yiisoft/yii before version 1. ...
GHSA-mw2w-2hj2-fg8q
yiisoft/yii deserializing untrusted user input can lead to remote code execution
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-47130 Yii is an open source PHP web framework. yiisoft/yii before version 1.1.29 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. An attacker may leverage this vulnerability to compromise the host system. A fix has been developed for the 1.1.29 release. Users are advised to upgrade. There are no known workarounds for this vulnerability. | CVSS3: 8.1 | 3% Низкий | около 2 лет назад |
| CVE-2023-47130 Yii is an open source PHP web framework. yiisoft/yii before version 1. ... | CVSS3: 8.1 | 3% Низкий | около 2 лет назад |
| GHSA-mw2w-2hj2-fg8q yiisoft/yii deserializing untrusted user input can lead to remote code execution | CVSS3: 8.1 | 3% Низкий | около 2 лет назад |
Уязвимостей на страницу