CVE-2023-26750: Yii 2 <= 2.0.47 SQL Injection Vulnerability · Issue #19755 · yiisoft/yii2
SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows a remote attacker to execute arbitrary code via the runAction function.
Here is part of the code:
in TemplateController.php at line 108– yii\db\Command::queryAll()
```php
// Fragment as pasted in the report: the tail of the query builder comes first,
// then the command creation, then the head of the SELECT. The middle (the
// WHERE clause that inserts the page name) is not included in the report.
$sql .= " and (dab.company = '' or dab.company is null) ";
}
$sql = \Yii::$app->db->createCommand($sql)->bindValue('pagename',$pageName);
$sql = \Yii::$app->db->createCommand($sql);
$space = $sql->queryAll();

$sql = "SELECT
dab.id,
dab.ubication,
dab.carrousel,
dab.position,
```
The SQL being executed was:

```sql
SELECT dab.id,dab.ubication,dab.carrousel,dab.position,dab.html,dab.adapt,dab.text FROM pages AS p
LEFT JOIN templates AS dab ON p.id=dab.id_pag AND dab.status = 1 AND dab.position <> 0
WHERE dab.code='PAG'' AND dab.carrousel = 0 AND dab.adapt = 0 and (dab.company = '' or dab.company is null)
```
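The executed statement above shows the page name interpolated straight into the SQL text (`dab.code='PAG''`), so the `bindValue('pagename', ...)` call in the fragment never reaches a placeholder and cannot protect the query. The following is an added example, not code from the issue or from the Yii project: it rebuilds the same query in the unsafe shape and then in two parameterized shapes using the real Yii 2 APIs (`createCommand($sql, $params)` and `yii\db\Query`). Table and column names are taken from the SQL quoted in the report; the function names and the assumption that `$pageName` comes from the request are mine.

```php
<?php
// Added example (not from the issue or the Yii project).
// Assumes $pageName is request-controlled and that a DB connection is
// configured as \Yii::$app->db.

use yii\db\Query;

/**
 * Unsafe shape matching the report: the value is concatenated into the
 * statement text, so a quote in $pageName terminates the string literal
 * and the rest of the input becomes SQL.
 */
function findTemplatesUnsafe(string $pageName): array
{
    $sql = "SELECT dab.id, dab.ubication, dab.carrousel, dab.position, dab.html, dab.adapt, dab.text"
         . " FROM pages AS p"
         . " LEFT JOIN templates AS dab ON p.id = dab.id_pag AND dab.status = 1 AND dab.position <> 0"
         . " WHERE dab.code = '" . $pageName . "'"   // injection point
         . " AND dab.carrousel = 0 AND dab.adapt = 0"
         . " AND (dab.company = '' OR dab.company IS NULL)";

    return \Yii::$app->db->createCommand($sql)->queryAll();
}

/**
 * Fix 1: keep the hand-written SQL, but pass the value as a bound parameter.
 * createCommand($sql, $params) hands the value to PDO separately from the
 * statement text, so a quote in $pageName is only data.
 */
function findTemplatesBound(string $pageName): array
{
    $sql = "SELECT dab.id, dab.ubication, dab.carrousel, dab.position, dab.html, dab.adapt, dab.text"
         . " FROM pages AS p"
         . " LEFT JOIN templates AS dab ON p.id = dab.id_pag AND dab.status = 1 AND dab.position <> 0"
         . " WHERE dab.code = :pagename"
         . " AND dab.carrousel = 0 AND dab.adapt = 0"
         . " AND (dab.company = '' OR dab.company IS NULL)";

    return \Yii::$app->db->createCommand($sql, [':pagename' => $pageName])->queryAll();
}

/**
 * Fix 2: let the query builder generate the statement. Hash-format
 * conditions are always emitted with bound parameters, so there is no
 * string to inject into.
 */
function findTemplatesQueryBuilder(string $pageName): array
{
    return (new Query())
        ->select(['dab.id', 'dab.ubication', 'dab.carrousel', 'dab.position', 'dab.html', 'dab.adapt', 'dab.text'])
        ->from(['p' => 'pages'])
        ->leftJoin(['dab' => 'templates'], 'p.id = dab.id_pag AND dab.status = 1 AND dab.position <> 0')
        ->where(['dab.code' => $pageName, 'dab.carrousel' => 0, 'dab.adapt' => 0])
        ->andWhere(['or', ['dab.company' => ''], ['dab.company' => null]])
        ->all();
}
```

A quick way to confirm a query is parameterized in a running Yii 2 app is to enable `db` logging (or the debug toolbar) and check that the logged statement still contains `:pagename` rather than the literal page name; in the report the logged statement already contains the literal, which is the tell that concatenation happened before the command was created.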