SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function. NOTE: the software maintainer's position is that the vulnerability is in third-party code, not in the framework.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| yiisoft/yii2(Packagist) | 0 | 2.0.47 | N/A |
CVSS Metrics
