Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
yiisoft/yii before v1.1.27 vulnerable to Remote Code Execution if the application calls `unserialize()` on arbitrary user input
Vulnerability Description
`yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. This has been patched in 1.1.27.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Yii 代码问题漏洞
Vulnerability Description
Yii是YII团队的开发的一套基于组件、用于开发大型Web应用的高性能PHP框架。 Yii 1.1.27之前版本存在代码问题漏洞,该漏洞源于在任意用户输入时调用unserialize(),就会受到远程代码执行(RCE)攻击。
CVSS Information
N/A
Vulnerability Type
N/A