Description
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.yiiframework.com/news/78/yii-1-1-15-is-released-security-fix/
Scores
EPSS
0.0212
EPSS Percentile
79.6%
Details
CWE
CWE-94
Status
published
Products (2)
yiiframework/yiiframework
1.1.14
yiisoft/yii
1.1.14 - 1.1.15Packagist
Published
Jul 03, 2014
Tracked Since
Feb 18, 2026