CVE-2014-1999

Severity CVSS v4.0:
Pending analysis
Type:
CWE-94 Code Injection
Publication date:
20/07/2014
Last modified:
12/04/2025

Description

The auto-format feature in the Request_Curl class in FuelPHP 1.1 through 1.7.1 allows remote attackers to execute arbitrary code via a crafted response.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:fuelphp:fuelphp:1.1:*:*:*:*:*:*:*
cpe:2.3:a:fuelphp:fuelphp:1.2:*:*:*:*:*:*:*
cpe:2.3:a:fuelphp:fuelphp:1.2:rc1:*:*:*:*:*:*
cpe:2.3:a:fuelphp:fuelphp:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:fuelphp:fuelphp:1.3:*:*:*:*:*:*:*
cpe:2.3:a:fuelphp:fuelphp:1.4:*:*:*:*:*:*:*
cpe:2.3:a:fuelphp:fuelphp:1.5:*:*:*:*:*:*:*
cpe:2.3:a:fuelphp:fuelphp:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:fuelphp:fuelphp:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:fuelphp:fuelphp:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:fuelphp:fuelphp:1.6:*:*:*:*:*:*:*
cpe:2.3:a:fuelphp:fuelphp:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:fuelphp:fuelphp:1.7:*:*:*:*:*:*:*
cpe:2.3:a:fuelphp:fuelphp:1.7.1:*:*:*:*:*:*:*