Vulnerability Details CVE-2014-1999
The auto-format feature in the Request_Curl class in FuelPHP 1.1 through 1.7.1 allows remote attackers to execute arbitrary code via a crafted response.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.02
EPSS Ranking 82.8%
CVSS Severity
CVSS v2 Score 7.5
References
Products affected by CVE-2014-1999
-
cpe:2.3:a:fuelphp:fuelphp:1.1
-
cpe:2.3:a:fuelphp:fuelphp:1.2
-
cpe:2.3:a:fuelphp:fuelphp:1.2.1
-
cpe:2.3:a:fuelphp:fuelphp:1.3
-
cpe:2.3:a:fuelphp:fuelphp:1.4
-
cpe:2.3:a:fuelphp:fuelphp:1.5
-
cpe:2.3:a:fuelphp:fuelphp:1.5.1
-
cpe:2.3:a:fuelphp:fuelphp:1.5.2
-
cpe:2.3:a:fuelphp:fuelphp:1.5.3
-
cpe:2.3:a:fuelphp:fuelphp:1.6
-
cpe:2.3:a:fuelphp:fuelphp:1.6.1
-
cpe:2.3:a:fuelphp:fuelphp:1.7
-
cpe:2.3:a:fuelphp:fuelphp:1.7.1