CVE-2014-4672 – yiisoft/yii
Package
Manager: composer
Name: yiisoft/yii
Vulnerable Version: >=1.1.14 <1.1.15
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:H/RL:U/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.0057 (percentile: 0.67647)
Details
Yii PHP Framework arbitrary PHP scripts execution

The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property.
Metadata
Created: 2022-05-17T04:38:57Z
Modified: 2024-04-24T18:31:47Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-74qv-rv53-5wcx/GHSA-74qv-rv53-5wcx.json
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-74qv-rv53-5wcx
Finding: F422
Auto approve: 1