
CVE-2018-6010

Date: January 22, 2018
In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php.
Language: PHP
Top Fix

Upgrade Version
Upgrade to version yiisoft/yii2-dev - dev-link; yiisoft/yii2-dev - dev-9718-fix-authKey-invalidation; yiisoft/yii2-dev - dev-fixes-14366-upgrade-php-72alpha; yiisoft/yii2-dev - dev-cebe/fix-cookie-params; yiisoft/yii2-dev - dev-bizley-patch-2; yiisoft/yii2-dev - 2.0.14; yiisoft/yii2-dev - dev-fix; yetiforce/yii2 - 2.0.14; myweishanli/codeigniter-with-yii2 - no_fix; leaps/framework - dev-cebe/fix-cookie-params; leaps/framework - 2.0.14; leaps/framework - dev-irc; leaps/framework - dev-9718-fix-authKey-invalidation; leaps/framework - dev-fixes-14366-upgrade-php-72alpha; leaps/framework - dev-bizley-patch-2; leaps/framework - dev-fix; ush-webdev/framework-alpha - no_fix; toir427/yii2-hello - no_fix; bright-tech/yii2-ace-admin-theme - v0.2; phpsmile/yii2 - dev-fixes-14366-upgrade-php-72alpha; phpsmile/yii2 - 2.0.0-alpha; phpsmile/yii2 - dev-remove-yii-autoloader; phpsmile/yii2 - 2.1.x-dev; phpsmile/yii2 - dev-fix-db-exception-not-displaying-error-info; klikar3/rgraph - 1.0.0-alpha6; klikar3/rgraph - 1.0.0-alpha3; klikar3/rgraph - 1.0.0-alpha10; klikar3/rgraph - v0.0.0-alpha; czechcamus/yii2-app-basic - no_fix; cargic/edu - no_fix; limesurvey/limesurvey - dev-add-app-params-to-twig; phpsmile/psyii2 - no_fix; seffeng/yii_admin - no_fix; sol-hiqdev/bare-yii2 - no_fix; newicon/neon - dev-develop; newicon/neon - dev-neilc-listObject-docblock; newicon/neon - v1.1.2; riisoft/framework - 2.0.14; redooc/yii2-dev - no_fix; redooc/yii2-dev - 2.0.0-alpha; yiitech/yii2-base - no_fix; imdake/yii2 - 2.0.14; yetiforce/yetiforce-crm - dev-dependabot/composer/twig/twig-3.4.3; vishnuprasadpg/codeigniter-with-yii2 - 2.0.0; nbcx/yii2 - 2.0.14; nbcx/yii2 - dev-master; ruvents/yii2 - 2.0.15; kaushal4/yii2 - no_fix; peskovsb/reporbac - no_fix; pragmaticlinux/yii-basic - no_fix; minii/core - no_fix; kangqf/kblog_with_yii2 - no_fix; ly/message_queue - 1.0; sheng/yiicms - v1.2.0; sheng/yiicms - dev-language; sweethousecr/house - no_fix; shunt/click-statistics - no_fix; mevyen/yii2-swoole-async - no_fix; mevyen/yii2-swoole-async - 1.0.1; chlalbuquerque/yii2-kitdevelop - no_fix; gamantha/pao-project - dev-nirwan; hieupham0206/cloudteam-metronic - no_fix; minii/web - no_fix; matricks/yii2-blitz - no_fix; dlds/yii2-banking - 1.4; esoftslimited/yii2-blog - no_fix; nanodesu88/yii2 - no_fix; cszchen/flatui - no_fix; seffeng/yii_demo - no_fix; eold/yii2-apidoc-generator - no_fix; dengyifang/blog_demo - no_fix
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | NONE |
Availability (A): | NONE |
CVSS v2
Base Score: | |
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | LOW |
Authentication (AU): | NONE |
Confidentiality (C): | PARTIAL |
Integrity (I): | NONE |
Availability (A): | NONE |
Additional information: |