Security Advisory

CVE-2020-36655

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-01-21 00:00:00

Last updated 2025-04-02 13:48:32

Assigner mitre

State PUBLISHED

Description

Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file.

← Browse all CVEs View on cve.org ↗