Headline
GHSA-7cfq-72w2-24q4: Yii2 allows attackers to execute any local .php file via a relative path in the view parameter
web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameeter.
Yii2 allows attackers to execute any local .php file via a relative path in the view parameter
Moderate severity GitHub Reviewed Published Sep 21, 2023 to the GitHub Advisory Database • Updated Sep 21, 2023
Related news
CVE-2015-5467: security-advisories/yiisoft/yii2-dev/CVE-2015-5467.yaml at master · FriendsOfPHP/security-advisories
web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameeter.