The vulnerability stems from three interconnected functions. findByCondition() builds the SQL condition directly from array input without properly escaping column names, while findOne() and findAll() act as the entry points that pass user input to findByCondition(). Multiple authoritative sources (the CVE description, the Yii security announcement and the GHSA) explicitly name these methods as the attack vectors. The core issue is that the framework's condition builders do not sanitize array keys, so attackers can manipulate SQL queries when array input is passed to these methods.
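The following added example (a simplified model, not Yii's own code) shows why unsanitized array keys matter and how checking keys against known columns closes the gap. The function names buildConditionUnsafe() and buildConditionChecked(), the $columns list and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration: a simplified model, not Yii's source code.
// buildConditionUnsafe(), buildConditionChecked() and $columns are hypothetical names.

// Models the flaw: array keys become column names in the SQL text unchecked.
function buildConditionUnsafe(array $condition): array
{
    $parts = [];
    $params = [];
    foreach ($condition as $column => $value) {
        $placeholder = ':p' . count($params);
        $parts[] = "$column = $placeholder"; // key is interpolated into SQL
        $params[$placeholder] = $value;      // value is bound as a parameter
    }
    return [implode(' AND ', $parts), $params];
}

// Hardened form: every key must exactly match a known column name.
function buildConditionChecked(array $condition, array $columns): array
{
    foreach (array_keys($condition) as $column) {
        if (!is_string($column) || !in_array($column, $columns, true)) {
            throw new InvalidArgumentException('Unknown column in condition');
        }
    }
    return buildConditionUnsafe($condition);
}

$columns = ['id', 'status']; // assumed table columns

// Constructed sample inputs, shaped as PHP decodes request parameters.
$scalarInput = '42';                  // parameter sent as a plain value
$arrayInput  = ['status OR 1' => 1];  // parameter sent as an array

// Safe caller pattern: the application fixes the column name itself.
[$sql, $params] = buildConditionChecked(['id' => (int) $scalarInput], $columns);
echo $sql, "\n";

// Passing the request array straight through lets its key reach the SQL text.
[$sql] = buildConditionUnsafe($arrayInput);
echo $sql, "\n";

// The checked builder rejects the same input before any SQL is built.
try {
    buildConditionChecked($arrayInput, $columns);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Values are bound as parameters in both builders; only the handling of the keys differs, which is the part the paragraph above identifies as the flaw.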