Marco van 't Wout - Security Researcher - Exploit Intelligence Platform

CVE-2022-41922 WRITEUP HIGH WRITEUP

Yii < 1.1.27 - Insecure Deserialization

`yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27.

CVSS 8.1

View Code

CVE-2023-47130 WRITEUP HIGH WRITEUP

Yii < 1.1.29 - Insecure Deserialization

Yii is an open source PHP web framework. yiisoft/yii before version 1.1.29 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. An attacker may leverage this vulnerability to compromise the host system. A fix has been developed for the 1.1.29 release. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS 8.1

View Code

CVE-2025-32027 WRITEUP MEDIUM WRITEUP

Yii < 1.1.31 - Basic XSS

Yii is an open source PHP web framework. Prior to 1.1.31, yiisoft/yii is vulnerable to Reflected XSS in specific scenarios where the fallback error renderer is used. Upgrade yiisoft/yii to version 1.1.31 or higher.

CVSS 6.1

View Code