Skip to main content

Datalife Engine

3 CVEs product

Monthly

CVE-2018-14777 MEDIUM POC This Month

An issue was discovered in DataLife Engine (DLE) through 13.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Datalife Engine
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2013-7387 MEDIUM POC PATCH This Month

Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Datalife Engine
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
2.0%
CVE-2013-1412 HIGH POC PATCH THREAT Act Now

DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 85.1%.

RCE PHP Code Injection Datalife Engine
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
85.1%
Threat
5.6
EPSS 1% CVSS 5.4
MEDIUM POC This Month

An issue was discovered in DataLife Engine (DLE) through 13.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Datalife Engine
NVD
EPSS 2% CVSS 6.8
MEDIUM POC PATCH This Month

Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Datalife Engine
NVD Exploit-DB
EPSS 85% 5.6 CVSS 7.5
HIGH POC PATCH THREAT Act Now

DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 85.1%.

RCE PHP Code Injection +1
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy