CVE-2018-7269

Name of the Vulnerable Software and Affected Versions Yii 2.x versions prior to 2.0.15

Description The issue allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, specifically through the findByCondition function in framework/db/ActiveRecord.php, unless the developer sanitizes array input.

Recommendations For versions prior to 2.0.15, update to version 2.0.15 or later to resolve the issue. As a temporary workaround, consider sanitizing array input to the findByCondition function to minimize the risk of SQL injection attacks.