Yii Framework Yii 2.0.3

CPE Details

Yii Framework Yii 2.0.3 | 2.0.3 | 2019-09-18 16h44 +00:00 | 2019-09-18 16h44 +00:00

CPE Name: cpe:2.3:a:yiiframework:yii:2.0.3:*:*:*:*:*:*:*

Information

Vendor: yiiframework

Product: yii

Version: 2.0.3

Related CVE

| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2025-2690 | 2025-03-24 07h31 +00:00 | A vulnerability, which was classified as critical, was found in yiisoft Yii2 up to 2.0.39. This affects the function Generate of the file `phpunit\src\Framework\MockObject\MockClass.php`. The manipulation leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 5.3 | Medium |
| CVE-2025-2689 | 2025-03-24 07h00 +00:00 | A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Affected by this issue is the function getIterator of the file `symfony\finder\Iterator\SortableIterator.php`. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 5.3 | Medium |
| CVE-2015-5467 | 2023-09-20 22h00 +00:00 | `web\ViewAction` in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameter. | 9.8 | Critical |
| CVE-2023-26750 | 2023-04-04 00h00 +00:00 | SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows a remote attacker to execute arbitrary code via the runAction function. NOTE: the software maintainer's position is that the vulnerability is in third-party code, not in the framework. | 9.8 | Critical |
| CVE-2021-3692 | 2021-08-10 13h36 +00:00 | yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator | 5.3 | Medium |
| CVE-2021-3689 | 2021-08-10 08h21 +00:00 | yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator | 7.5 | High |
| CVE-2020-15148 | 2020-09-15 16h25 +00:00 | Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory. | 10 | Critical |
| CVE-2018-20745 | 2019-01-28 08h00 +00:00 | Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems. | 5.9 | Medium |
| CVE-2018-7269 | 2018-03-21 17h00 +00:00 | The findByCondition function in `framework/db/ActiveRecord.php` in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input. | 9.8 | Critical |
| CVE-2018-8073 | 2018-03-21 17h00 +00:00 | Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension. | 9.8 | Critical |
| CVE-2018-8074 | 2018-03-21 17h00 +00:00 | Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension. | 8.1 | High |