Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
datalife engine vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-1424
Multiple PHP remote file inclusion vulnerabilities in Softnews Media Group DataLife Engine allow remote malicious users to execute arbitrary PHP code via a URL in the root_dir parameter to (1) init.php and (2) Ajax/editnews.php. NOTE: some of these details are obtained from third...
Softnews Media Group Datalife Engine 4.1
Softnews Media Group Datalife Engine 5.5
2 EDB exploits
NA
CVE-2013-7387
Session fixation vulnerability in DataLife Engine (DLE) 9.7 and previous versions allows remote malicious users to hijack web sessions via the PHPSESSID cookie.
Dleviet Datalife Engine
2 EDB exploits
5.4
CVSSv3
CVE-2018-14777
An issue exists in DataLife Engine (DLE) up to and including 13.0. An attacker can use XSS (related to the /addnews.html and /index.php?do=addnews URIs) to send a malicious script to unsuspecting Admins or users.
Dleviet Datalife Engine
NA
CVE-2013-1412
DataLife Engine (DLE) 9.7 allows remote malicious users to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.
Dleviet Datalife Engine 9.7
2 EDB exploits
NA
CVE-2008-6406
Cross-site scripting (XSS) vulnerability in admin.php in DataLife Engine (DLE) 7.2 allows remote malicious users to inject arbitrary web script or HTML via the query string.
Datalifecms Datalife Engine 7.2
1 EDB exploit
NA
CVE-2010-2005
Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8.3 allow remote malicious users to execute arbitrary PHP code via a URL in (1) the selected_language parameter to engine/inc/include/init.php, (2) the config[langs] parameter to engine/inc/help.php, (3) ...
Datalifecms Datalife Engine 8.3
4 EDB exploits
NA
CVE-2006-3221
SQL injection vulnerability in index.php in DataLife Engine 4.1 and previous versions allows remote malicious users to execute arbitrary SQL commands via double-encoded values in the user parameter in a userinfo subaction.
Softnews Media Group Datalife Engine
2 EDB exploits
NA
CVE-2008-6480
Cross-site request forgery (CSRF) vulnerability in engine/modules/imagepreview.php in Datalife Engine 6.7 allows remote malicious users to hijack the authentication of arbitrary users for requests that use a modified image parameter.
Softnews Media Group Datalife Engine 6.7
NA
CVE-2009-3055
PHP remote file inclusion vulnerability in engine/api/api.class.php in DataLife Engine (DLE) 8.2 allows remote malicious users to execute arbitrary PHP code via a URL in the dle_config_api parameter.
Dlecms Dle 8.2
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started