CVE-2015-5467: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

July 10, 2015

Class yii\web\ViewAction allowed to include arbitrary files that end with .php.

References

www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix/

Detect and mitigate CVE-2015-5467 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →