
D90Pwn

#23005 of 53,632
10 Total CVSS
Vulnerabilities · 1
PT-2020-6845
10
2020-05-08
Yii2 Gii · Yii2 Gii · CVE-2020-36655
**Name of the Vulnerable Software and Affected Versions**

Yii2 Gii versions prior to 2.2.2

**Description**

The issue allows remote attackers to execute arbitrary code via the `messageCategory` field in Generator.php. This can be done by embedding arbitrary PHP code into the model file. The vulnerability is related to the restoration of an invalid data structure in memory, which can be exploited by a remote attacker to execute arbitrary code.

**Recommendations**

For versions prior to 2.2.2, update to version 2.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Generator.php file and the `messageCategory` field to minimize the risk of exploitation.