Yii 1.1.15 (security patch)
Vulnerability Affects `CDetailView`. If your application takes the value of value from the user, then the attacker has the ability to execute an arbitrary PHP script on your server. We do not disclose the details immediately to give time to update. According to our data, the details are so far known only to the core development team of the framework.
Vulnerability assigned number CVE-2014-4672.
You can pick up the distribution kit, as usual, at yiiframework.com or upgrade via Composer.