PT-2014-6052 · Yii · Yii Php Framework

Published

2014-07-03

Updated

2022-05-17

CVE-2014-4672

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Yii PHP Framework version 1.1.14

Description The issue allows remote attackers to execute arbitrary PHP scripts. This is related to the value property in the CDetailView widget.

Recommendations For Yii PHP Framework version 1.1.14, consider disabling the CDetailView widget or restricting access to it until a patch is available. Avoid using the value property in the CDetailView widget to minimize the risk of exploitation.

Exploit

Fix

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2014-4672

GHSA-74QV-RV53-5WCX

Affected Products

Yii Php Framework

PT-2014-6052 · Yii · Yii Php Framework

CVE-2014-4672

Weakness Enumeration

Related Identifiers

Affected Products

References · 7