Showing 1 - 2 of 2

CVE-2013-1412

Status Candidate

Overview

DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.

Related Files

DataLife Engine preview.php PHP Code Injection: Posted Feb 1, 2013; Authored by EgiX, juan vazquez | Site metasploit.com; This Metasploit module exploits a PHP code injection vulnerability DataLife Engine 9.7. The vulnerability exists in preview.php, due to an insecure usage of preg_replace() with the e modifier, which allows to inject arbitrary php code, when the template in use contains a [catlist] or [not-catlist] tag.; tags | exploit, arbitrary, php; advisories | CVE-2013-1412; SHA-256 | 50f8efbcf7eeeb9778960d972ce5de90e0aadc26bfd2b879e8e78dbcd0d82f9c; Download | Favorite | View

DataLife Engine 9.7 PHP Code Injection: Posted Jan 29, 2013; Authored by EgiX | Site karmainsecurity.com; DataLife Engine version 9.7 suffers from a PHP code injection vulnerability in preview.php.; tags | exploit, php; advisories | CVE-2013-1412; SHA-256 | f9fca371c6cc4a2c4cbce0576e95fe335c2ff36d4ec6b96f3b9230f8bf8b8d3a; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 308 files
Ubuntu 67 files
Debian 24 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,133)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,177)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,160)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,495)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,025)
UNIX (9,482)
UnixWare (188)
Windows (6,786)
Other

CVE-2013-1412

Overview

Related Files

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems