CVE-2020-36655

Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/yiisoft/yii2-gii/issues/433	Exploit Issue Tracking Third Party Advisory
https://lab.wallarm.com/yii2-gii-remote-code-execution/	Exploit Mitigation Third Party Advisory
https://github.com/yiisoft/yii2-gii/issues/433	Exploit Issue Tracking Third Party Advisory
https://lab.wallarm.com/yii2-gii-remote-code-execution/	Exploit Mitigation Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:yiiframework:gii:*:*:*:*:*:yii2:*:*

History

21 Nov 2024, 05:30

Type	Values Removed	Values Added
References	~~() https://github.com/yiisoft/yii2-gii/issues/433 - Exploit, Issue Tracking, Third Party Advisory~~	() https://github.com/yiisoft/yii2-gii/issues/433 - Exploit, Issue Tracking, Third Party Advisory
References	~~() https://lab.wallarm.com/yii2-gii-remote-code-execution/ - Exploit, Mitigation, Third Party Advisory~~	() https://lab.wallarm.com/yii2-gii-remote-code-execution/ - Exploit, Mitigation, Third Party Advisory
Summary		(es) Yii Yii2 Gii anterior a 2.2.2 permite a atacantes remotos ejecutar código de su elección a través del campo messageCategory de Generator.php. El atacante puede incrustar código PHP arbitrario en el archivo del modelo.

Information

Published : 2023-01-21 01:15

Updated : 2025-04-02 14:15

NVD link : CVE-2020-36655

Mitre link : CVE-2020-36655

CVE.ORG link : CVE-2020-36655

JSON object : View

Products Affected

yiiframework

gii

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2020-36655", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-01-21T01:15:12.343", "references": [{"url": "https://github.com/yiisoft/yii2-gii/issues/433", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lab.wallarm.com/yii2-gii-remote-code-execution/", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/yiisoft/yii2-gii/issues/433", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lab.wallarm.com/yii2-gii-remote-code-execution/", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file."}, {"lang": "es", "value": "Yii Yii2 Gii anterior a 2.2.2 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s del campo messageCategory de Generator.php. El atacante puede incrustar c\u00f3digo PHP arbitrario en el archivo del modelo."}], "lastModified": "2025-04-02T14:15:35.580", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:yiiframework:gii:*:*:*:*:*:yii2:*:*", "vulnerable": true, "matchCriteriaId": "5682A105-2B48-4CA4-95DA-636A6B8BBA17", "versionEndExcluding": "2.2.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}