
YiiMP was hacked!


I was checking the YiiMP GitHub (https://github.com/tpruvot/yiimp) and saw this:


There is a lot of unused code in the php branch. A lot comes from other projects I worked on and I've been lazy to clean it up before integrating it into yaamp. It's mostly based on the Yii framework which implements a lightweight MVC.

Now, as there's a lot of unused code based on the Yii framework, I was thinking this might be it. I searched for Yii framework vulnerabilities, and there are some. Haven't checked them deeply to see if they could allow file upload or similar, but it's quite scary to find these... https://www.cvedetails.com/vulnerability-list/vendor_id-13516/Yiiframework.html

:( Well, if there's code from version 1.1.14, then you can execute arbitrary PHP scripts on the server: http://www.yiiframework.com/news/78/yii-1-1-15-is-released-security-fix/


Edited by Jerppu