Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisory.
No PoCs from references.
- https://github.com/0xT11/CVE-POC
- https://github.com/0xkami/cve-2020-15148
- https://github.com/20142995/nuclei-templates
- https://github.com/20142995/sectool
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/Awrrays/FrameVul
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/Maskhe/CVE-2020-15148-bypasses
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/SexyBeast233/SecBooks
- https://github.com/StarCrossPortal/scalpel
- https://github.com/YIXINSHUWU/Penetration_Testing_POC
- https://github.com/alphaSeclab/sec-daily-2020
- https://github.com/anonymous364872/Rapier_Tool
- https://github.com/apif-review/APIF_tool_2024
- https://github.com/apit-review-account/apit-tool
- https://github.com/cc8700619/poc
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/huike007/penetration_poc
- https://github.com/huisetiankong478/penetration_poc
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/soosmile/POC
- https://github.com/trganda/starrlist
- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/youcans896768/APIV_Tool