3 matches found
CVE-2013-1412
CVE-2013-1412 affects DataLife Engine 9.7. The vulnerability is a remote PHP code injection in engine/preview.php via the catlist[] parameter, exploited through an insecure preg_replace with the deprecated/e modifier. Public references document remote code execution capabilities and multiple expl...
CVE-2018-14777
DataLife Engine (DLE) before or at version 13.0 contains a cross-site scripting (XSS) vulnerability that affects the /addnews.html and /index.php?do=addnews endpoints. An attacker can inject malicious scripts that are rendered inAdmin or user browsers, enabling access to cookies, session tokens, ...
CVE-2013-7387
CVE-2013-7387 affects DataLife Engine (DLE) 9.7 and earlier . The vulnerability is a session fixation flaw allowing remote attackers to hijack web sessions via the PHPSESSID cookie. The connected documents specify the affected product/version and the attack vector but do not provide concrete reme...