Yiisoft Yii vulnerabilities
4 known vulnerabilities affecting yiisoft/yii.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2023-47130 | P2 | CRITICAL | CVSS 9.8 | fixed in 1.1.29 | 2023-11-14
CVE-2023-47130 [CRITICAL] CWE-502
Yii is an open source PHP web framework. Versions of yiisoft/yii before 1.1.29 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. An attacker may leverage this vulnerability to compromise the host system. A fix has been developed for the 1.1.29 release. Users are advised to upgrade. There are
ghsa, nvd, osv
CVE-2022-41922 | P3 | CRITICAL | CVSS 9.8 | fixed in 1.1.27 | 2022-11-23
CVE-2022-41922 [CRITICAL] CWE-502
Versions of `yiisoft/yii` before 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27.
ghsa, nvd, osv
CVE-2014-4672 | P3 | HIGH | ≥ 1.1.14, < 1.1.15 | 2022-05-17
CVE-2014-4672 [HIGH] CWE-94
Yii PHP Framework arbitrary PHP scripts execution
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property.
ghsa, osv
CVE-2025-32027 | P4 | MEDIUM | CVSS 6.1 | fixed in 1.1.31 | 2025-04-10
CVE-2025-32027 [MEDIUM] CWE-79
Yii is an open source PHP web framework. Prior to 1.1.31, yiisoft/yii is vulnerable to Reflected XSS in specific scenarios where the fallback error renderer is used. Upgrade yiisoft/yii to version 1.1.31 or higher.
ghsa, nvd, osv