Affected versions of
yiisoft/yii are vulnerable to Remote Code Execution (RCE) if the application calls
unserialize() on arbitrary user input.
yiisoft/yii to version 1.1.27 or higher.
See the following links for more details: - Git commit - https://owasp.org/www-community/vulnerabilities/PHPObjectInjection
If you have any questions or comments about this advisory, contact us through security form.