Unknown · Yii 2 Framework · CVE-2023-26750
**Name of the Vulnerable Software and Affected Versions**
Yii 2 Framework versions prior to 2.0.47
**Description**
A SQL injection issue allows a remote attacker to execute arbitrary code via the `runAction` function. The software maintainer disputes that the vulnerability is in the framework itself, claiming it is in third-party code.
**Recommendations**
For versions prior to 2.0.47, update to version 2.0.47 or later to resolve the issue.
As a temporary workaround, consider restricting access to the `runAction` function until the update to version 2.0.47 or later has been applied.