Description
Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025.
Exploits
No known exploits found for this CVE.
Search Exploit-DBReferences
cve@mitre.org
https://github.com/yiisoft/yii2/pull/20232