CVE-2023-47130

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-47130
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-47130.json
Aliases
Published
2023-11-14T21:15:11Z
Modified
2023-11-29T10:20:02.773489Z
Details

Yii is an open source PHP web framework. yiisoft/yii before version 1.1.29 are vulnerable to Remote Code Execution (RCE) if the application calls unserialize() on arbitrary user input. An attacker may leverage this vulnerability to compromise the host system. A fix has been developed for the 1.1.29 release. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/yiisoft/yii

Affected ranges

Type
GIT
Repo
https://github.com/yiisoft/yii
Events
Introduced
0The exact introduced commit is unknown
Fixed

Affected versions

1.*

1.0a
1.0rc
1.1.0
1.1.10
1.1.11
1.1.12
1.1.13
1.1.13-RC
1.1.14
1.1.14-rc
1.1.15
1.1.16
1.1.17
1.1.18
1.1.19
1.1.20
1.1.21
1.1.22
1.1.23
1.1.24
1.1.25
1.1.26
1.1.27
1.1.28
1.1.3
1.1.4
1.1.7
1.1.8
1.1.9
1.1b
1.1rc