
Analitic1983

#25147 of 53,635
9.8 total CVSS
Vulnerabilities · 1
PT-2018-17988
9.8
2018-03-21
Yii · Yii · CVE-2018-7269
**Name of the Vulnerable Software and Affected Versions**
Yii 2.x versions prior to 2.0.15

**Description**
The issue allows remote attackers to conduct SQL injection attacks via a `findOne()` or `findAll()` call, specifically through the `findByCondition` function in `framework/db/ActiveRecord.php`, unless the developer sanitizes array input.

**Recommendations**
For versions prior to 2.0.15, update to version 2.0.15 or later to resolve the issue. As a temporary workaround, consider sanitizing array input to the `findByCondition` function to minimize the risk of SQL injection attacks.