9.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-7269

GHSA ID

GHSA-hhg2-g6h6-c266

EPSS Score

0.69674%

CWE

CWE-89

Published

5/24/2022

Updated

4/24/2024

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2018-7269

CVE-2018-7269:
Yii SQL injection vulnerability

The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input.

(GitHub Advisory)

9.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-7269

GHSA ID

GHSA-hhg2-g6h6-c266

EPSS Score

0.69674%

CWE

CWE-89

Published

5/24/2022

Updated

4/24/2024

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
yiisoft/yii2-dev	composer	< 2.0.12.1	2.0.12.1
yiisoft/yii2-dev	composer	>= 2.0.13, < 2.0.13.2	2.0.13.2
yiisoft/yii2-dev	composer	>= 2.0.14, < 2.0.15	2.0.15

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from three interconnected functions: 1) findByCondition() directly handles array input for SQL condition building without proper escaping of column names. 2) findOne() and 3) findAll() act as entry points that pass user input to findByCondition(). Multiple authoritative sources (CVE description, Yii security announcement, GHSA) explicitly name these methods as the attack vectors. The core issue is the framework's failure to sanitize array keys in condition builders, allowing attackers to manipulate SQL queries when array input is passed to these methods.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** *in**y*on*ition *un*tion in `*r*m*work/**/**tiv*R**or*.p*p` in Yii *.x ***or* *.*.** *llows r*mot* *tt**k*rs to *on*u*t SQL inj**tion *tt**ks vi* * *in*On*() or *in**ll() **ll, unl*ss * **v*lop*r r**o*niz*s *n un*o*um*nt** n*** to s*nitiz* *rr*y

Reasoning

T** vuln*r**ility st*ms *rom t*r** int*r*onn**t** *un*tions: *) `*in**y*on*ition()` *ir**tly **n*l*s *rr*y input *or SQL *on*ition *uil*in* wit*out prop*r *s**pin* o* *olumn n*m*s. *) `*in*On*()` *n* *) `*in**ll()` **t *s *ntry points t**t p*ss us*r

9.8

Basic Information

Concerned about an active attack path?

CVE-2018-7269: Yii SQL injection vulnerability

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2018-7269:
Yii SQL injection vulnerability

Vulnerability Intelligence
Miggo AI