Yii2 Mcp Server
Monthly
Remote OS command injection in ArtMin96 yii2-mcp-server 1.0.2 allows authenticated remote attackers to execute arbitrary operating system commands via manipulation of the yii_command_help or yii_execute_command functions in the MCP Interface component. Exploit code is publicly available, and the vendor has not yet responded to early disclosure through issue reporting.
Remote OS command injection in ArtMin96 yii2-mcp-server 1.0.2 allows authenticated remote attackers to execute arbitrary operating system commands via manipulation of the yii_command_help or yii_execute_command functions in the MCP Interface component. Exploit code is publicly available, and the vendor has not yet responded to early disclosure through issue reporting.