Yiiframework Yii 2.0.45

CPE Details

Yiiframework Yii 2.0.45
yiiframework
yii
2.0.45
2023-04-07
10h50 +00:00
2023-06-26
14h56 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:yiiframework:yii:2.0.45:*:*:*:*:*:*:*

Informations

Vendor

yiiframework

Product

yii

Version

2.0.45

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-2689 2025-03-24 07h00 +00:00 A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Affected by this issue is the function getIterator of the file symfony\finder\Iterator\SortableIterator.php. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
5.3
Medium
CVE-2022-31454 2023-07-27 22h00 +00:00 Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) vulnerability via the endpoint /books. NOTE: this is disputed by the vendor because the cve-2022-31454-8e8555c31fd3 page does not describe why /books has a relationship to Yii 2.
6.1
Medium
CVE-2023-26750 2023-04-04 00h00 +00:00 SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function. NOTE: the software maintainer's position is that the vulnerability is in third-party code, not in the framework.
9.8
Critical