Yii · Yii · CVE-2018-7269
**Name of the Vulnerable Software and Affected Versions**
Yii 2.x versions prior to 2.0.15
**Description**
The issue allows remote attackers to conduct SQL injection attacks via a `findOne()` or `findAll()` call, specifically through the `findByCondition` function in `framework/db/ActiveRecord.php`, unless the developer sanitizes array input.
**Recommendations**
For versions prior to 2.0.15, update to version 2.0.15 or later to resolve the issue.
As a temporary workaround, consider sanitizing array input to the `findByCondition` function to minimize the risk of SQL injection attacks.
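The workaround above, sketched as an added example (not code from this advisory or from the Yii project): untrusted input is reduced to a scalar key or a flat list of keys before it reaches `findOne()` or `findAll()`, so request data cannot supply column names. The helpers `sanitizePrimaryKey()` and `sanitizeScalarKey()` and the `Post` model are hypothetical, and integer primary keys are assumed.

```php
<?php
/**
 * Hypothetical helper (not part of Yii): reduce untrusted request input to a
 * scalar primary key, or a flat list of them, before passing it to
 * findOne() / findAll(). Assumes non-negative integer primary keys.
 *
 * @param mixed $input raw value, e.g. Yii::$app->request->get('id')
 * @return int|int[]
 * @throws InvalidArgumentException when the input is not a plain key or key list
 */
function sanitizePrimaryKey($input)
{
    if (is_array($input)) {
        // Accept only a flat list with keys 0..n-1. String keys in an array
        // condition are treated as column names, so they must never come
        // from the request.
        if ($input === [] || array_keys($input) !== range(0, count($input) - 1)) {
            throw new InvalidArgumentException('Key list must be a non-empty flat list.');
        }
        return array_map('sanitizeScalarKey', $input);
    }
    return sanitizeScalarKey($input);
}

function sanitizeScalarKey($value): int
{
    if (is_int($value) && $value >= 0) {
        return $value;
    }
    // Digit-only strings short enough to fit a 64-bit integer; nested arrays,
    // objects, floats and anything else are rejected.
    if (is_string($value) && $value !== '' && strlen($value) <= 18 && ctype_digit($value)) {
        return (int) $value;
    }
    throw new InvalidArgumentException('Primary key must be a non-negative integer.');
}

// Constructed sample inputs standing in for request parameters.
foreach (['42', ['1', '2'], ['id' => '1'], [['1']]] as $raw) {
    try {
        $key = sanitizePrimaryKey($raw);
        // In a Yii application (hypothetical Post model), name the column
        // explicitly: $model = Post::findOne(['id' => $key]);
        echo json_encode($raw), ' => accepted ', json_encode($key), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo json_encode($raw), ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Naming the column in application code, as in the commented `findOne(['id' => $key])` call, keeps the structure of the condition fixed regardless of what the request contains.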