
CVE-2018-7269: Yii SQL injection vulnerability

CVSS Score
9.8 (CVSS v3.0)

Basic Information

EPSS Score
0.69674%
Published
5/24/2022
Updated
4/24/2024
KEV Status
No
Technology
PHP

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name        Ecosystem   Vulnerable Versions       First Patched Version
yiisoft/yii2-dev    composer    < 2.0.12.1                2.0.12.1
yiisoft/yii2-dev    composer    >= 2.0.13, < 2.0.13.2     2.0.13.2
yiisoft/yii2-dev    composer    >= 2.0.14, < 2.0.15       2.0.15

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from three interconnected functions: 1) findByCondition() builds SQL conditions directly from array input without properly escaping the array keys that are used as column names; 2) findOne() and 3) findAll() are the public entry points that pass caller-supplied arrays to findByCondition(). Multiple authoritative sources (the CVE description, the Yii security announcement and the GHSA) explicitly name these methods as the attack vectors. The core issue is that the framework does not sanitize array keys in its condition builder, so an attacker who controls the array passed to these methods can manipulate the resulting SQL query.
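To make the root cause concrete, the following is an added example (not Yii code and not part of this record) that models the bug class in Python with sqlite3: a condition builder that parameterises values but pastes dictionary keys into the SQL as column names, beside a hardened builder that accepts a key only if it names a real column of the target table and quotes it as an identifier. The table, rows, function names (build_where_unsafe, build_where_safe, find_all) and the untrusted condition are all constructed for this illustration.

```python
import re
import sqlite3

# Constructed sample schema and rows so the example runs offline.
CONN = sqlite3.connect(":memory:")
CONN.executescript("""
CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT, is_admin INTEGER);
INSERT INTO user VALUES (1, 'alice', 1), (2, 'bob', 0);
""")

# A condition as it might arrive from a decoded JSON request body: the caller
# chose both the keys and the values. Constructed for the demonstration.
UNTRUSTED_CONDITION = {"username": "bob", "1=1 OR is_admin": 1}

IDENTIFIER = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def build_where_unsafe(condition: dict) -> tuple[str, list]:
    """Models the vulnerable pattern: values go through placeholders, but the
    dictionary keys (meant to be column names) are interpolated verbatim."""
    clauses, params = [], []
    for column, value in condition.items():
        clauses.append(f"{column} = ?")
        params.append(value)
    return " AND ".join(clauses) or "1", params


def table_columns(conn: sqlite3.Connection, table: str) -> set[str]:
    """Column names taken from the live schema (SQLite PRAGMA table_info)."""
    if not IDENTIFIER.match(table):
        raise ValueError(f"invalid table name {table!r}")
    return {row[1] for row in conn.execute(f"PRAGMA table_info({table})")}


def build_where_safe(conn: sqlite3.Connection, table: str, condition: dict) -> tuple[str, list]:
    """Hardened form: a key must match an actual column of the table, and the
    accepted identifier is quoted so it cannot be parsed as anything else."""
    allowed = table_columns(conn, table)
    clauses, params = [], []
    for column, value in condition.items():
        if column not in allowed:
            raise ValueError(f"{column!r} is not a column of {table}")
        clauses.append(f'"{column}" = ?')
        params.append(value)
    return " AND ".join(clauses) or "1", params


def find_all(conn: sqlite3.Connection, table: str, condition: dict, safe: bool = True) -> list:
    """Entry point in the role of findAll(): returns matching row ids."""
    if safe:
        where, params = build_where_safe(conn, table, condition)
    else:
        if not IDENTIFIER.match(table):
            raise ValueError(f"invalid table name {table!r}")
        where, params = build_where_unsafe(condition)
    return conn.execute(f"SELECT id FROM {table} WHERE {where}", params).fetchall()


if __name__ == "__main__":
    # Legitimate lookup works through both builders.
    print(find_all(CONN, "user", {"username": "bob"}))
    # The unsafe builder lets the key widen the filter; the safe one rejects it.
    print(find_all(CONN, "user", UNTRUSTED_CONDITION, safe=False))
    try:
        find_all(CONN, "user", UNTRUSTED_CONDITION)
    except ValueError as exc:
        print("rejected:", exc)
```

The contrast is the point: the unsafe path turns `username = ? AND 1=1 OR is_admin = ?` into a query that also returns the admin row, while the hardened path refuses the key before any SQL is assembled. Validating keys against the table's real column list is the check a condition builder needs whenever its input array can originate outside the application.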


WAF Protection Rules

WAF Rule

The findByCondition function in `framework/db/ActiveRecord.php` in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array
