Vulnerability Details CVE-2015-5467
web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameeter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.7%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-dev/CVE-2015-5467.yaml
- https://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix
- https://github.com/FriendsOfPHP/security-advisories/blob/master/yiisoft/yii2-dev/CVE-2015-5467.yaml
- https://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix
Products affected by CVE-2015-5467
-
cpe:2.3:a:yiiframework:yii:2.0.0
-
cpe:2.3:a:yiiframework:yii:2.0.1
-
cpe:2.3:a:yiiframework:yii:2.0.2
-
cpe:2.3:a:yiiframework:yii:2.0.3
-
cpe:2.3:a:yiiframework:yii:2.0.4