Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unsafe deserialization of user data in yiisoft/yii
Vulnerability Description
Yii is an open source PHP web framework. yiisoft/yii before version 1.1.29 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. An attacker may leverage this vulnerability to compromise the host system. A fix has been developed for the 1.1.29 release. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Yii 安全漏洞
Vulnerability Description
Yii是YII团队的开发的一套基于组件、用于开发大型Web应用的高性能PHP框架。 Yii 1.1.29之前版本存在安全漏洞,该漏洞源于容易受到远程代码执行(RCE)攻击,攻击者可能会利用此漏洞来危害主机系统。
CVSS Information
N/A
Vulnerability Type
N/A