CVE-2018-6010 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Yiiframework	Yiiframework	2.0.0

Related Weaknesses (CWE)

CWE-79

References

https://github.com/yiisoft/yii2/commit/6b0be47e0fa9c532e03b07b4369050582fcf5c7a
https://github.com/yiisoft/yii2/issues/14711
https://github.com/yiisoft/yii2/pull/15534Issue TrackingThird Party Advisory
https://github.com/yiisoft/yii2/commit/6b0be47e0fa9c532e03b07b4369050582fcf5c7a
https://github.com/yiisoft/yii2/issues/14711
https://github.com/yiisoft/yii2/pull/15534Issue TrackingThird Party Advisory

FAQ

What is CVE-2018-6010?

CVE-2018-6010 is a vulnerability with a CVSS score of 7.5 (HIGH). In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Relat...

How severe is CVE-2018-6010?

CVE-2018-6010 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-6010?

Check the references section above for vendor advisories and patch information. Affected products include: Yiiframework Yiiframework.