Lucene search
GitHub Advisory DatabaseGHSA-74QV-RV53-5WCXHistoryMay 17, 2022 - 4:38 a.m.
Yii PHP Framework arbitrary PHP scripts execution
2022-05-1704:38:57
CWE-94
GitHub Advisory Database
github.com
3
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.9 High
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
77.7%
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property.
Affected configurations
Node
yiisoftyiiRange<1.1.15
| CPE | Name | Operator | Version |
|---|---|---|---|
| yiisoft/yii | lt | 1.1.15 |
Related
nvd
nvd
CVE-2014-4672
2014-07-03 17:55:06
cve
cve
CVE-2014-4672
2014-07-03 17:55:06
freebsd
freebsd
yii -- Remote arbitrary PHP code execution
2014-07-03 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2017-07-30 07:52:29
prion
prion
Code injection
2014-07-03 17:55:00
osv
osv
Yii PHP Framework arbitrary PHP scripts execution
2022-05-17 04:38:57
friendsofphp
friendsofphp
nessus
nessus
cvelist
cvelist
CVE-2014-4672
2014-07-03 17:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.9 High
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
77.7%
Related for GHSA-74QV-RV53-5WCX