CVE-2014-1999

CVE-2014-1999

EPSS 2.7%

The auto-format feature in the Request_Curl class in FuelPHP 1.1 through 1.7.1 allows remote attackers to execute arbitrary code via a crafted response.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://fuelphp.com/security-advisories http://jvndb.jvn.jp/jvndb/JVNDB-2014-000082 http://jvn.jp/en/jp/JVN94791545/index.html