GHSA-74qv-rv53-5wcx

Source

https://github.com/advisories/GHSA-74qv-rv53-5wcx

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-74qv-rv53-5wcx/GHSA-74qv-rv53-5wcx.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-74qv-rv53-5wcx

Aliases

CVE-2014-4672

Published

2022-05-17T04:38:57Z

Modified

2024-12-07T05:40:29.559297Z

Summary

Yii PHP Framework arbitrary PHP scripts execution

Details

The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property.

Database specific

{
    "nvd_published_at": "2014-07-03T17:55:00Z",
    "cwe_ids": [
        "CWE-94"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-24T18:31:47Z"
}

References

Affected packages

Packagist / yiisoft/yii

Package

Name: yiisoft/yii
Purl: pkg:composer/yiisoft/yii

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.1.14

Fixed

1.1.15

Affected versions

1.*

1.1.14