VYPR
Critical severity9.8NVD Advisory· Published Mar 21, 2018· Updated Jun 17, 2026

CVE-2018-7269

CVE-2018-7269

Description

The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
yiisoft/yii2-devPackagist
< 2.0.12.12.0.12.1
yiisoft/yii2-devPackagist
>= 2.0.13, < 2.0.13.22.0.13.2
yiisoft/yii2-devPackagist
>= 2.0.14, < 2.0.152.0.15

Affected products

1

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.