GHSA-f9p3-h6cg-2cjr, CVE-2022-1544
packagist/luyadev/yii-helpers
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-sided command injection, code execution, or remote ex-filtration of contained confidential data.
All versions before 1.2.1
Upgrade to version 1.2.1 or above.
2022-05-04
source |