Published: 02/06/2014 Updated: 03/06/2014

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

DataLife Engine (DLE) 9.7 allows remote malicious users to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dleviet datalife engine 9.7

## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # web site for more information on licensing and terms of use # metasploitcom/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit ...

------------------------------------------------------------------ DataLife Engine 97 (previewphp) PHP Code Injection Vulnerability ------------------------------------------------------------------ [-] Software Link: dlevietcom/ [-] Affected Version: 97 only [-] Vulnerability Description: The vulnerable code is located in the / ...

DataLife Engine version 97 suffers from a PHP code injection vulnerability in previewphp ...

Datalife Engine version 97 engine/previewphp bindshell exploit that binds a shell to port 4444 ...

CWE-94 http://www.exploit-db.com/exploits/24444 http://osvdb.org/89662 http://karmainsecurity.com/KIS-2013-01 http://dleviet.com/dle/bug-fix/3281-security-patches-for-dle-97.html http://archives.neohapsis.com/archives/bugtraq/2013-01/0117.html http://secunia.com/advisories/51971 http://www.exploit-db.com/exploits/24438 http://www.securityfocus.com/bid/57603 https://nvd.nist.gov https://www.exploit-db.com/exploits/24444/

CVE-2013-1412

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect