| Title | Yii Software LLC Yii 2.0 <=2.0.45 RCE |
|---|
| Description | Yii version <=2.0.45 has a deserialization vulnerability. If the framework is referenced and there is a deserialization entry point, an attacker can achieve arbitrary command execution through deserialization. |
|---|
| Source | ⚠️ https://github.com/gaorenyusi/gaorenyusi/blob/main/Yii2.md |
|---|
| User | gaorenyusi (UID 74236) |
|---|
| Submission | 03/17/2025 14:28 (1 Year ago) |
|---|
| Moderation | 03/23/2025 10:36 (6 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 300710 [yiisoft Yii2 up to 2.0.45 SortableIterator.php getIterator deserialization] |
|---|
| Points | 17 |
|---|