CVE-2018-7269: Yii SQL injection vulnerability
9.8
CVSS Score
3.0
Basic Information
CVE ID
GHSA ID
EPSS Score
0.69674%
CWE
Published
5/24/2022
Updated
4/24/2024
KEV Status
No
Technology
PHP
Technical Details
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
yiisoft/yii2-dev | composer | < 2.0.12.1 | 2.0.12.1 |
yiisoft/yii2-dev | composer | >= 2.0.13, < 2.0.13.2 | 2.0.13.2 |
yiisoft/yii2-dev | composer | >= 2.0.14, < 2.0.15 | 2.0.15 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from three interconnected functions: 1) findByCondition()
directly handles array input for SQL condition building without proper escaping of column names. 2) findOne()
and 3) findAll()
act as entry points that pass user input to findByCondition()
. Multiple authoritative sources (CVE description, Yii security announcement, GHSA) explicitly name these methods as the attack vectors. The core issue is the framework's failure to sanitize array keys in condition builders, allowing attackers to manipulate SQL queries when array input is passed to these methods.