View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
09166 | Bug reports | Security | public | 2014-08-12 14:49 | 2014-09-08 21:21 |
Reporter | Recxjdv | Assigned To | c_schmitz | ||
Priority | normal | Severity | minor | ||
Status | closed | Resolution | fixed | ||
Product Version | 2.05+ | ||||
Fixed in Version | 2.05+ | ||||
Summary | 09166: Vulnerable Yii Version | ||||
Description | The version of Yii in the current 2.05+ release (140730) as well as 2.06 on Github is 1.1.14 according to the CHANGELOG file, (2.1 and 2.2 are using 1.1.10 which is also assumed vulnerable as years out of date). This version is vulnerable to a PHP code execution issue and has been replaced by Yii with 1.1.15, references included below. | ||||
Steps To Reproduce | N/A | ||||
Additional Information | Ref: http://www.yiiframework.com/news/78/yii-1-1-15-is-released-security-fix/ | ||||
Tags | No tags attached. | ||||
Bug heat | 252 | ||||
Complete LimeSurvey version number (& build) | 140730 | ||||
I will donate to the project if issue is resolved | No | ||||
Browser | N/A | ||||
Database type & version | N/A | ||||
Server OS (if known) | N/A | ||||
Webserver software & version (if known) | N/A | ||||
PHP Version | N/A | ||||
Date Modified | Username | Field | Change |
---|---|---|---|
2014-08-12 14:49 | Recxjdv | New Issue | |
2014-08-12 20:52 | c_schmitz | Note Added: 30412 | |
2014-08-13 09:38 | c_schmitz | Assigned To | => c_schmitz |
2014-08-13 09:38 | c_schmitz | Status | new => assigned |
2014-08-13 09:38 | c_schmitz | Status | assigned => resolved |
2014-08-13 09:38 | c_schmitz | Fixed in Version | => 2.05+ |
2014-08-13 09:38 | c_schmitz | Resolution | open => fixed |
2014-09-08 21:21 | c_schmitz | Status | resolved => closed |