CVE-2014-1999
FuelPHP 1.1-1.7.1 - Remote Code Execution via Request_Curl Auto-Format Feature
Title source: llmDescription
The auto-format feature in the Request_Curl class in FuelPHP 1.1 through 1.7.1 allows remote attackers to execute arbitrary code via a crafted response.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
http://fuelphp.com/security-advisories
Vendor Advisory third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000082
Vendor Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN94791545/index.html
Scores
EPSS
0.0272
EPSS Percentile
84.2%
Details
CWE
CWE-94
Status
published
Products (13)
fuelphp/fuelphp
1.1
fuelphp/fuelphp
1.2 (2 CPE variants)
fuelphp/fuelphp
1.2.1
fuelphp/fuelphp
1.3
fuelphp/fuelphp
1.4
fuelphp/fuelphp
1.5
fuelphp/fuelphp
1.5.1
fuelphp/fuelphp
1.5.2
fuelphp/fuelphp
1.5.3
fuelphp/fuelphp
1.6
... and 3 more
Published
Jul 20, 2014
Tracked Since
Feb 18, 2026