VYPR

Packagist (Composer) package

yiisoft/yii2-dev

pkg:composer/yiisoft/yii2-dev

Vulnerabilities (7)

  • CVE-2025-2689Mar 24, 2025
    affected <= 2.0.45

    A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Affected by this issue is the function getIterator of the file symfony\finder\Iterator\SortableIterator.php. The manipulation leads to deserialization. The attack may be launched remot

  • CVE-2021-3692Aug 10, 2021
    affected < 2.0.43fixed 2.0.43

    yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator

  • CVE-2021-3689Aug 10, 2021
    affected < 2.0.43fixed 2.0.43

    yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator

  • CVE-2018-8074HigMar 21, 2018
    affected >= 2.0.0, < 2.0.15fixed 2.0.15

    Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension.

  • CVE-2018-7269CriMar 21, 2018
    affected < 2.0.12.1fixed 2.0.12.1

    The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input.

  • CVE-2018-6009HigJan 22, 2018
    affected >= 2.0, < 2.0.14fixed 2.0.14

    In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity.

  • CVE-2017-11516MedJul 21, 2017
    affected >= 2.0.12, < 2.0.13fixed 2.0.13

    An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled.