CVE-2018-7269

The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input.
Configurations

Configuration 1

cpe:2.3:a:yiiframework:yii:*:*:*:*:*:*:*:*

Information

Published : 2018-03-21 06:29

Updated : 2018-04-20 01:03


NVD link : CVE-2018-7269

Mitre link : CVE-2018-7269

Products Affected
No products.
CWE