CVE-2010-2005

Name of the Vulnerable Software and Affected Versions DataLife Engine (DLE) version 8.3

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via a URL in several parameters, including the selected language parameter to "engine/inc/include/init.php", the config[langs] parameter to "engine/inc/help.php", the config[lang] parameter to "engine/ajax/pm.php", and the REQUEST[skin] parameter to "engine/ajax/addcomments.php".

Recommendations For DataLife Engine (DLE) version 8.3, consider disabling the init.php, help.php, pm.php, and addcomments.php files temporarily until a patch is available. Restrict access to these files to minimize the risk of exploitation. Avoid using the selected language, config[langs], config[lang], and REQUEST[skin] parameters in the affected API endpoints until the issue is resolved.