View Issue Details

This bug affects 1 person(s).
ID: 09166
Project: Bug reports
Category: Security
View Status: public
Last Update: 2014-09-08 21:21
Reporter: Recxjdv
Assigned To: c_schmitz
Priority: normal
Severity: minor
Status: closed
Resolution: fixed
Product Version: 2.05+
Fixed in Version: 2.05+
Summary: 09166: Vulnerable Yii Version
Description

The version of Yii in the current 2.05+ release (140730), as well as in 2.06 on GitHub, is 1.1.14 according to the CHANGELOG file (2.1 and 2.2 are using 1.1.10, which is also assumed vulnerable as it is years out of date).

This version is vulnerable to a PHP code execution issue and has been replaced by Yii with 1.1.15; references are included below.

Steps To Reproduce

N/A

Additional Information

Ref: http://www.yiiframework.com/news/78/yii-1-1-15-is-released-security-fix/
Ref: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4672

Tags: No tags attached.
Bug heat: 252
Complete LimeSurvey version number (& build): 140730
I will donate to the project if issue is resolved: No
Browser: N/A
Database type & version: N/A
Server OS (if known): N/A
Webserver software & version (if known): N/A
PHP Version: N/A

Activities

c_schmitz (administrator), 2014-08-12 20:52, note ~30412

The issue only affects CDetailView, which we are not using in LimeSurvey, so there is no immediate problem.
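
The triage in this thread rests on two checks: which Yii version is bundled (read from the CHANGELOG) and whether application code uses CDetailView. The following Python script is an added example, not part of the original issue or of LimeSurvey's code, that automates both checks. The directory layout, the CHANGELOG heading format, the function names and the sample files are assumptions.

```python
import re
import tempfile
from pathlib import Path

FIXED = (1, 1, 15)  # release named as the security fix in the references above

def bundled_yii_version(framework_dir):
    """Newest version listed in the bundled Yii CHANGELOG, as a tuple, or None."""
    changelog = Path(framework_dir) / "CHANGELOG"
    if not changelog.is_file():
        return None
    for line in changelog.read_text(errors="replace").splitlines():
        # Assumption: entries are newest-first, headed "Version X.Y.Z <date>".
        m = re.match(r"Version (\d+)\.(\d+)\.(\d+)\b", line)
        if m:
            return tuple(int(p) for p in m.groups())
    return None

def cdetailview_uses(app_root, framework_dir):
    """Application PHP files, outside the framework itself, that mention CDetailView."""
    framework = Path(framework_dir).resolve()
    hits = []
    for php in sorted(Path(app_root).rglob("*.php")):
        if framework in php.resolve().parents:
            continue  # the widget's own source file is not a use of it
        if "CDetailView" in php.read_text(errors="replace"):
            hits.append(str(php.relative_to(app_root)))
    return hits

def triage(app_root, framework_dir):
    version = bundled_yii_version(framework_dir)
    outdated = version is None or version < FIXED  # unknown counts as outdated
    uses = cdetailview_uses(app_root, framework_dir)
    return {"version": version, "outdated": outdated,
            "widget_uses": uses, "exposed": outdated and bool(uses)}

def build_sample_tree(root):
    """Constructed sample layout; paths and file contents are made up."""
    fw = Path(root) / "framework"
    (fw / "zii" / "widgets").mkdir(parents=True)
    (fw / "CHANGELOG").write_text("Version 1.1.14 <date>\nVersion 1.1.13 <date>\n")
    (fw / "zii" / "widgets" / "CDetailView.php").write_text("<?php class CDetailView {}\n")
    views = Path(root) / "application" / "views"
    views.mkdir(parents=True)
    (views / "list.php").write_text("<?php $this->widget('zii.widgets.grid.CGridView');\n")
    return fw

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(triage(tmp, build_sample_tree(tmp)))
```

A plain string search misses class names assembled at runtime, so an empty `widget_uses` list lowers the urgency of the upgrade rather than removing the need for it.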

Issue History

Date Modified Username Field Change
2014-08-12 14:49 Recxjdv New Issue
2014-08-12 20:52 c_schmitz Note Added: 30412
2014-08-13 09:38 c_schmitz Assigned To => c_schmitz
2014-08-13 09:38 c_schmitz Status new => assigned
2014-08-13 09:38 c_schmitz Status assigned => resolved
2014-08-13 09:38 c_schmitz Fixed in Version => 2.05+
2014-08-13 09:38 c_schmitz Resolution open => fixed
2014-09-08 21:21 c_schmitz Status resolved => closed