Lucene search
HistoryJul 20, 2014 - 11:12 a.m.
CVE-2014-1999
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.5 High
AI Score
Confidence
High
0.031 Low
EPSS
Percentile
91.1%
The auto-format feature in the Request_Curl class in FuelPHP 1.1 through 1.7.1 allows remote attackers to execute arbitrary code via a crafted response.
Affected configurations
Node
fuelphpfuelphpMatch1.1
ORfuelphpfuelphpMatch1.2
ORfuelphpfuelphpMatch1.2rc1
ORfuelphpfuelphpMatch1.2.1
ORfuelphpfuelphpMatch1.3
ORfuelphpfuelphpMatch1.4
ORfuelphpfuelphpMatch1.5
ORfuelphpfuelphpMatch1.5.1
ORfuelphpfuelphpMatch1.5.2
ORfuelphpfuelphpMatch1.5.3
ORfuelphpfuelphpMatch1.6
ORfuelphpfuelphpMatch1.6.1
ORfuelphpfuelphpMatch1.7
ORfuelphpfuelphpMatch1.7.1
Related
prion
prion
Format string
2014-07-20 11:12:00
cvelist
cvelist
CVE-2014-1999
2014-07-20 10:00:00
fuelphp
fuelphp
auto-format of Curl responses may lead to code execution
2014-01-05 00:00:00
jvn
jvn
JVN#94791545: FuelPHP vulnerable to remote code execution
2014-07-18 00:00:00
cve
cve
CVE-2014-1999
2014-07-20 11:12:49
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.5 High
AI Score
Confidence
High
0.031 Low
EPSS
Percentile
91.1%
Related for NVD:CVE-2014-1999