Yii · Yiisoft/Yii · CVE-2022-41922
**Name of the Vulnerable Software and Affected Versions**
yiisoft/yii versions prior to 1.1.27
**Description**
The issue allows for Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input.
**Recommendations**
Upgrade yiisoft/yii to version 1.1.27 or higher. As a temporary workaround until a patch is applied, avoid calling `unserialize()` on arbitrary user input, and restrict access to any user input that could be used to exploit this issue.
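One way to apply the workaround in application code, shown as an added example that is not taken from the Yii project: accept untrusted data as JSON, and where serialized state must be kept, authenticate it before `unserialize()` and refuse objects. The function names, the `SECRET_KEY` constant and the `mac.payload` token layout are assumptions for illustration, and the code assumes PHP 7.1 or later.

```php
<?php
// Added example, not Yii code. SECRET_KEY and the "mac.payload"
// token layout are hypothetical; load a real key from configuration.
const SECRET_KEY = 'placeholder-replace-with-random-key';

// Preferred: take untrusted input as JSON, which cannot instantiate objects.
function decodeUntrusted(string $input): ?array
{
    $data = json_decode($input, true, 16); // depth limit of 16
    return is_array($data) ? $data : null;
}

// Seal state that the server itself serialized, so it can be verified later.
function sealState(array $state): string
{
    $payload = base64_encode(serialize($state));
    return hash_hmac('sha256', $payload, SECRET_KEY) . '.' . $payload;
}

// Legacy path: check the MAC before unserialize(), then refuse objects.
function openState(string $token): ?array
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$mac, $payload] = $parts;
    $expected = hash_hmac('sha256', $payload, SECRET_KEY);
    if (!hash_equals($expected, $mac)) {
        return null; // altered, or not issued by this server
    }
    $raw = base64_decode($payload, true);
    if ($raw === false) {
        return null;
    }
    // allowed_classes => false maps every serialized object to
    // __PHP_Incomplete_Class, so no application class is instantiated.
    $state = @unserialize($raw, ['allowed_classes' => false]);
    return is_array($state) ? $state : null;
}

// Constructed sample input.
$token = sealState(['cart' => [1, 2], 'lang' => 'en']);
var_dump(openState($token));        // token as issued
var_dump(openState($token . 'A'));  // token altered after issuance
var_dump(decodeUntrusted('{"page":2}'));
```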