Critical severity9.8NVD Advisory· Published Mar 21, 2018· Updated Jun 17, 2026
CVE-2018-7269
CVE-2018-7269
Description
The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
yiisoft/yii2-devPackagist | < 2.0.12.1 | 2.0.12.1 |
yiisoft/yii2-devPackagist | >= 2.0.13, < 2.0.13.2 | 2.0.13.2 |
yiisoft/yii2-devPackagist | >= 2.0.14, < 2.0.15 | 2.0.15 |
Affected products
1Patches
Vulnerability mechanics
References
5- www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes/nvdVendor Advisory
- github.com/advisories/GHSA-hhg2-g6h6-c266ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-7269ghsaADVISORY
- github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-dev/CVE-2018-7269.yamlghsaWEB
- www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixesghsaWEB
News mentions
0No linked articles in our index yet.