Remote Code Execution (RCE) Vulnerability in Yii Framework

CVE-2023-47130 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Yii is an open source PHP web framework. Versions of yiisoft/yii before 1.1.29 are vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. An attacker may leverage this vulnerability to compromise the host system. A fix has been developed for the 1.1.29 release. Users are advised to upgrade. There are no known workarounds for this vulnerability.
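To triage a project against the two conditions above (a yiisoft/yii release older than 1.1.29, and application code that calls `unserialize()`), the following check reads a `composer.lock` and lists call sites to review. It is an added example, not code from the advisory or the Yii project; the function names are hypothetical and the lock file and PHP source are constructed samples.

```python
import json
import re

PACKAGE = "yiisoft/yii"
FIXED = (1, 1, 29)  # first fixed release, per the advisory text

# Constructed sample composer.lock content (not from a real project).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "yiisoft/yii", "version": "1.1.28"},
        {"name": "example/other-package", "version": "v2.0.1"},
    ],
    "packages-dev": [],
})

# Constructed sample PHP source (not from a real project).
SAMPLE_PHP = """<?php
$prefs = unserialize($_COOKIE['prefs']);
$cfg = json_decode(file_get_contents('cfg.json'), true);
$obj = safe_unserialize($blob);
"""

def parse_version(text):
    """Return (major, minor, patch), or None for refs such as dev-master."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def yii_status(lock_text):
    """Classify the locked yiisoft/yii version as absent, vulnerable, fixed or unknown."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name", "").lower() == PACKAGE:
            raw = pkg.get("version", "")
            ver = parse_version(raw)
            if ver is None:
                return "unknown", raw  # cannot compare: check by hand
            return ("vulnerable" if ver < FIXED else "fixed"), raw
    return "absent", None

def unserialize_calls(php_source):
    """Return (line_number, line) for each call to PHP's built-in unserialize()."""
    # The lookbehind skips methods (->, ::), variables and names like safe_unserialize.
    pat = re.compile(r"(?<![\w>:$])unserialize\s*\(", re.IGNORECASE)
    return [(n, line.strip())
            for n, line in enumerate(php_source.splitlines(), 1) if pat.search(line)]

if __name__ == "__main__":
    print("yiisoft/yii:", yii_status(SAMPLE_LOCK))
    for n, line in unserialize_calls(SAMPLE_PHP):
        print(f"review line {n}: {line}")
```

A "vulnerable" result together with any listed call site that receives request data means the upgrade to 1.1.29 should be prioritised; an "unknown" result needs a manual version check.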
