CVE-2014-4672: Code Injection

July 3, 2014 (updated July 24, 2014)

The CDetailView widget in Yii PHP Framework allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property.

References

www.yiiframework.com/news/78/yii-1-1-15-is-released-security-fix/

Detect and mitigate CVE-2014-4672 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →