I found an issue that causes Remote Code Execution by improper input validation in the $this->messageCategory variable.
As a result, a remote attacker with access to the https://localhost/gii/ endpoint can inject arbitrary PHP code into the template file, and then run it.
To fix the issue, we can replace
$str = "Yii::t('" . $this->messageCategory . "', '" . $string . "'" . $ph . ")";
with
$str = "Yii::t('" . addslashes($this->messageCategory) . "', '" . $string . "'" . $ph . ")";
in the file:
yii2-gii/src/Generator.php
Line 505 in ee4d072
Or a better validation here:
yii2-gii/src/generators/model/Generator.php
Line 95 in 6c63058
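The two mitigations discussed in this thread side by side, as an added example (this is not code from yii2-gii and not the fix that was committed): the concatenation shape the issue quotes, the addslashes() escape the reporter proposes, and a whitelist check applied before any code is generated, which is the direction the "better validation" comment points at. The function names, the category pattern, the constructed payload and the tokenizer-based check are all assumptions made for this example.

```php
<?php
// Added example; not yii2-gii code. It reproduces the shape of the line quoted
// in the issue: a user-controlled message category is concatenated into PHP
// source that Gii later writes to a file and runs.

// Vulnerable shape: the category is pasted into a single-quoted literal as-is.
function generateStringVulnerable(string $messageCategory, string $string): string
{
    return "Yii::t('" . $messageCategory . "', '" . $string . "')";
}

// Reporter's proposal: addslashes() escapes ' " \ and NUL, so the category can
// no longer terminate the single-quoted literal. (Applied to $string here as
// well, which the issue does not propose; it sits in the same concatenation.)
function generateStringEscaped(string $messageCategory, string $string): string
{
    return "Yii::t('" . addslashes($messageCategory) . "', '" . addslashes($string) . "')";
}

// Validation before generation: accept only characters a category name needs.
// The pattern is an assumption for this example, not the project's rule.
function isValidMessageCategory(string $messageCategory): bool
{
    return preg_match('/^[A-Za-z0-9_\-\/]+$/', $messageCategory) === 1;
}

function generateStringValidated(string $messageCategory, string $string): string
{
    if (!isValidMessageCategory($messageCategory)) {
        throw new InvalidArgumentException('Message category may contain only letters, digits, "_", "-" and "/".');
    }
    return generateStringEscaped($messageCategory, $string);
}

// Check used below: tokenize the generated expression and report whether
// $functionName appears as a bare identifier, i.e. outside any string literal.
function callsFunctionOutsideStrings(string $phpExpression, string $functionName): bool
{
    foreach (token_get_all('<?php ' . $phpExpression . ';') as $token) {
        if (is_array($token) && $token[0] === T_STRING && $token[1] === $functionName) {
            return true;
        }
    }
    return false;
}

// Constructed payload: closes the Yii::t() call, appends a statement, and
// comments out the remainder of the generated line.
$payload = "app'); system(\$_GET['cmd']); //";

foreach (['vulnerable' => 'generateStringVulnerable', 'escaped' => 'generateStringEscaped'] as $label => $generator) {
    $code = $generator($payload, 'Hello');
    printf("%-11s %s\n", $label . ':', $code);
    printf("%-11s system() outside string literal: %s\n", '', callsFunctionOutsideStrings($code, 'system') ? 'yes' : 'no');
}

try {
    generateStringValidated($payload, 'Hello');
} catch (InvalidArgumentException $e) {
    echo "validated:  rejected (", $e->getMessage(), ")\n";
}
echo "validated:  ", generateStringValidated('app/user', 'Hello'), "\n";
```

Run it with `php example.php`. The vulnerable line tokenizes into a second statement with system() as a bare identifier, the escaped line still tokenizes as a single string literal followed by the rest of the call, and the validated path refuses the payload before anything is generated. Escaping is sufficient for this one single-quoted literal, but a whitelist on the category fails closed for every template that interpolates it, which is the easier property to reason about when the generator has more than one output site.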
First of all, thanks for reporting it.
Fix #433: Fix insufficient category validation
4cdb5e0
ed61e0d