Arbitrary Code Execution Vulnerability in FuelPHP's Request_Curl Auto-Format Feature

Arbitrary Code Execution Vulnerability in FuelPHP's Request_Curl Auto-Format Feature

CVE-2014-1999 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The auto-format feature in the Request_Curl class in FuelPHP 1.1 through 1.7.1 allows remote attackers to execute arbitrary code via a crafted response.

Learn more about our Web Application Penetration Testing UK.