Yii 1.1.15 (security fix)
PHP framework Yii 1.1.15 has been released to fix the security issue found in 1.1.14. Earlier versions are not affected. If you use it, you should upgrade. 1.1.15 is fully compatible with 1.1.14.
Vulnerability affects `CDetailView`. If your application takes the value from the user, then the attacker can execute an arbitrary PHP script on your server. We do not disclose details immediately to give time to update. According to our data, only the core development team of the framework is known for details.
Vulnerability assigned number CVE-2014-4672.
')
You can pick up the distribution package , as usual, at yiiframework.com or upgrade via Composer.
Vulnerability affects `CDetailView`. If your application takes the value from the user, then the attacker can execute an arbitrary PHP script on your server. We do not disclose details immediately to give time to update. According to our data, only the core development team of the framework is known for details.
Vulnerability assigned number CVE-2014-4672.
')
You can pick up the distribution package , as usual, at yiiframework.com or upgrade via Composer.
Source: https://habr.com/ru/post/228069/
All Articles