VYPR
High severity8.8NVD Advisory· Published Jan 22, 2018· Updated Jun 17, 2026

CVE-2018-6009

CVE-2018-6009

Description

In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
yiisoft/yii2Packagist
>= 2.0, < 2.0.142.0.14
yiisoft/yii2-devPackagist
>= 2.0, < 2.0.142.0.14

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.