CVE-2014-4672
published 2014-07-03CVE-2014-4672: The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property.
PriorityP346high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
2.12%
79.6th percentile
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yiiframework | yiiframework | — | — |
| yiisoft | yii | >= 1.1.14 < 1.1.15 | 1.1.15 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Yii PHP Framework arbitrary PHP scripts execution
osv·2022-05-17
CVE-2014-4672 [HIGH] Yii PHP Framework arbitrary PHP scripts execution
Yii PHP Framework arbitrary PHP scripts execution
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property.
GHSA
Yii PHP Framework arbitrary PHP scripts execution
ghsa·2022-05-17
CVE-2014-4672 [HIGH] CWE-94 Yii PHP Framework arbitrary PHP scripts execution
Yii PHP Framework arbitrary PHP scripts execution
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2014-07-03
Published