yiisoft/yii is vulnerable to remote code execution. The vulnerability exists in the __wakeup
function of CDbCriteria.php
, due to improper deserialization of untrusted user input, which allows the attacker to control the state or the flow of execution.