web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameeter.
References
Link | Resource |
---|---|
https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-dev/CVE-2015-5467.yaml | Third Party Advisory |
https://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix | Release Notes |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-09-21T00:00:00
Updated: 2023-09-21T05:07:23.393579
Reserved: 2015-07-10T00:00:00
Link: CVE-2015-5467
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-09-21T06:15:10.580
Modified: 2023-09-22T22:51:53.840
Link: CVE-2015-5467
JSON object: View
Redhat Information
No data.
CWE