The auto-format feature in the Request_Curl class in FuelPHP 1.1 through 1.7.1 allows remote attackers to execute arbitrary code via a crafted response.Referenceshttp://fuelphp.com/security-advisorieshttp://jvndb.jvn.jp/jvndb/JVNDB-2014-000082http://jvn.jp/en/jp/JVN94791545/index.html
