DataLife Engine (DLE) 9.7 allows remote malicious users to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dleviet datalife engine 9.7 |