{"url":"http://public2.vulnerablecode.io/api/packages/55239?format=json","purl":"pkg:composer/yiisoft/yii2-dev@2.0.13%2B0alpha","type":"composer","namespace":"yiisoft","name":"yii2-dev","version":"2.0.13+0alpha","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.0.0-alpha1","latest_non_vulnerable_version":"3.0.0-alpha1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39514?format=json","vulnerability_id":"VCID-y165-fy8y-2fcc","summary":"The `findByCondition` function in `framework/db/ActiveRecord.php` allows remote attackers to conduct SQL injection attacks via a `findOne()` or `findAll()` call, unless a developer recognizes an undocumented need to sanitize array input.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7269","reference_id":"","reference_type":"","scores":[{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.70141","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.70187","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.70164","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.70175","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.70192","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0061","scoring_system":"epss","scoring_elements":"0.70184","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7269"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-dev/CVE-2018-7269.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/Frien
dsOfPHP/security-advisories/blob/master/yiisoft/yii2-dev/CVE-2018-7269.yaml"},{"reference_url":"https://github.com/yiisoft/yii2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/yiisoft/yii2"},{"reference_url":"https://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7269","reference_id":"CVE-2018-7269","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-7269"},{"reference_url":"https://github.com/advisories/GHSA-hhg2-g6h6-c266","reference_id":"GHSA-hhg2-g6h6-c266","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hhg2-g6h6-c266"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/217066?format=json","purl":"pkg:composer/yiisoft/yii2-dev@2.0.13.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6rub-m94d-jfct"},{"vulnerability":"VCID-gb9u-t143-vker"},{"vulnerability":"VCID-gwmb-kcz9-d7b9"},{"vulnerability":"VCID-jkfv-pxp7-9qba"},{"vulnerability":"VCID-vf2s-s6dr-nqhf"},{"vulnerability":"VCID-vhy5-48ge-vyat"},{"vulnerability":"VCID-x388-wd41-tkh3"},{"vulne
rability":"VCID-xrgb-33bd-ckat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.13.2"},{"url":"http://public2.vulnerablecode.io/api/packages/55241?format=json","purl":"pkg:composer/yiisoft/yii2-dev@2.0.13%2B2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.13%252B2"},{"url":"http://public2.vulnerablecode.io/api/packages/55242?format=json","purl":"pkg:composer/yiisoft/yii2-dev@2.0.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6rub-m94d-jfct"},{"vulnerability":"VCID-gb9u-t143-vker"},{"vulnerability":"VCID-gwmb-kcz9-d7b9"},{"vulnerability":"VCID-vf2s-s6dr-nqhf"},{"vulnerability":"VCID-x388-wd41-tkh3"},{"vulnerability":"VCID-xrgb-33bd-ckat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.15"}],"aliases":["CVE-2018-7269","GHSA-hhg2-g6h6-c266"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y165-fy8y-2fcc"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/yiisoft/yii2-dev@2.0.13%252B0alpha"}