Lucene search

[email protected]CVE-2010-2005

HistoryMay 20, 2010 - 9:30 p.m.

CVE-2010-2005

2010-05-2021:30:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2010-2005

php

remote file inclusion

datalife engine

dle 8.3

vulnerability

nvd

security

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.5%

JSON

Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the selected_language parameter to engine/inc/include/init.php, (2) the config[langs] parameter to engine/inc/help.php, (3) the config[lang] parameter to engine/ajax/pm.php, (4) and the _REQUEST[skin] parameter to engine/ajax/addcomments.php.

CPENameOperatorVersion
datalifecms:datalife_enginedatalifecms datalife engineeq8.3

CPE	Name	Operator	Version
datalifecms:datalife_engine	datalifecms datalife engine	eq	8.3

References

www.packetstormsecurity.com/1001-exploits/datalifeengine83-rfi.txt

www.securityfocus.com/bid/37851

exchange.xforce.ibmcloud.com/vulnerabilities/55757

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.5%

JSON

Related for CVE-2010-2005

securityvulns2 cvelist1 prion1