Critical severityNVD Advisory· Published Sep 21, 2023· Updated Sep 25, 2024
CVE-2015-5467
CVE-2015-5467
Description
web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameeter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
yiisoft/yii2Packagist | >= 2.0.0, < 2.0.5 | 2.0.5 |
Affected products
2- Yii/Yii2description
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-7cfq-72w2-24q4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-5467ghsaADVISORY
- github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-dev/CVE-2015-5467.yamlghsaWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2/CVE-2015-5467.yamlghsaWEB
- www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fixghsaWEB
News mentions
0No linked articles in our index yet.