DataLife Engine preview.php PHP Code Injection
This module exploits a PHP code injection vulnerability DataLife Engine 9.7. The vulnerability exists in preview.php, due to an insecure usage of pregreplace with the e modifier, which allows to inject arbitrary php code, when there is a template installed which contains a catlist or not-catlist...