High severityNVD Advisory· Published Jul 3, 2014· Updated Jun 17, 2026
CVE-2014-4672
CVE-2014-4672
Description
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
yiisoft/yiiPackagist | >= 1.1.14, < 1.1.15 | 1.1.15 |
Affected products
2- cpe:2.3:a:yiiframework:yiiframework:1.1.14:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
5- www.yiiframework.com/news/78/yii-1-1-15-is-released-security-fix/nvdVendor Advisory
- github.com/advisories/GHSA-74qv-rv53-5wcxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2014-4672ghsaADVISORY
- github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii/CVE-2014-4672.yamlghsaWEB
- www.yiiframework.com/news/78/yii-1-1-15-is-released-security-fixghsaWEB
News mentions
0No linked articles in our index yet.