yiisoft/yii Security Advisories for 1.1.14-rc (4)
- [MEDIUM] Yii does not prevent XSS in scenarios where fallback error renderer is used
PKSA-5knt-m24q-vw91 CVE-2025-32027 GHSA-7r2v-8wxr-3ch5
Affected version: <1.1.31
Reported by: GitHub
- [HIGH] yiisoft/yii deserializing untrusted user input can lead to remote code execution
PKSA-zxnx-782b-tfrm CVE-2023-47130 GHSA-mw2w-2hj2-fg8q
Affected version: <1.1.29
Reported by: GitHub
- [HIGH] Prevent RCE when deserializing untrusted user input
PKSA-cjwh-whsw-vv25 CVE-2022-41922 GHSA-442f-wcwq-fpcf
Affected version: <1.1.27
Reported by: GitHub
- [HIGH] The CDetailView widget allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property
PKSA-sfqm-67yf-rdtq CVE-2014-4672 GHSA-74qv-rv53-5wcx
Affected version: >=1.1.14,<1.1.15
Reported by: GitHub, FriendsOfPHP/security-advisories