GHSA-74qv-rv53-5wcx

Suggest an improvement
Source
https://github.com/advisories/GHSA-74qv-rv53-5wcx
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-74qv-rv53-5wcx/GHSA-74qv-rv53-5wcx.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-74qv-rv53-5wcx
Aliases
  • CVE-2014-4672
Published
2022-05-17T04:38:57Z
Modified
2024-12-07T05:38:57.275454Z
Summary
Yii PHP Framework arbitrary PHP scripts execution
Details

The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property.

Database specific 
{
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-94"
    ],
    "severity": "HIGH",
    "nvd_published_at": "2014-07-03T17:55:00Z",
    "github_reviewed_at": "2024-04-24T18:31:47Z"
}
References

Affected packages

Packagist / yiisoft/yii

Package

Name
yiisoft/yii
Purl
pkg:composer/yiisoft/yii

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.1.14
Fixed
1.1.15

Affected versions

1.*
1.1.14

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-74qv-rv53-5wcx/GHSA-74qv-rv53-5wcx.json"