Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS03NHF2LXJ2NTMtNXdjeM4AAebb
Yii PHP Framework arbitrary PHP scripts execution
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property.
Permalink: https://github.com/advisories/GHSA-74qv-rv53-5wcxJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS03NHF2LXJ2NTMtNXdjeM4AAebb
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: 5 months ago
Identifiers: GHSA-74qv-rv53-5wcx, CVE-2014-4672
References:
- https://nvd.nist.gov/vuln/detail/CVE-2014-4672
- https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii/CVE-2014-4672.yaml
- https://www.yiiframework.com/news/78/yii-1-1-15-is-released-security-fix
- https://github.com/advisories/GHSA-74qv-rv53-5wcx
Affected Packages
packagist:yiisoft/yii
Dependent packages: 305Dependent repositories: 1,325
Downloads: 4,528,832 total
Affected Version Ranges: >= 1.1.14, < 1.1.15
Fixed in: 1.1.15
All affected versions: 1.1.14
All unaffected versions: 1.1.15, 1.1.16, 1.1.17, 1.1.18, 1.1.19, 1.1.20, 1.1.21, 1.1.22, 1.1.23, 1.1.24, 1.1.25, 1.1.26, 1.1.27, 1.1.28, 1.1.29