PT-2014-4420 · Fuelphp · Fuelphp
Masaaki Chida
·
Publicado
2014-07-20
·
Atualizado
2014-08-04
·
CVE-2014-1999
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
FuelPHP versions 1.1 through 1.7.1
Description
The issue concerns the auto-format feature in the Request Curl class, which allows remote attackers to execute arbitrary code via a crafted response.
Recommendations
For FuelPHP versions 1.1 through 1.7.1, consider disabling the auto-format feature in the Request Curl class until a patch is available. Restrict access to the Request Curl class to minimize the risk of exploitation. Avoid using the auto-format feature in the Request Curl class until the issue is resolved.
Correção
Code Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Fuelphp