CVE-2013-1412

Name of the Vulnerable Software and Affected Versions DataLife Engine (DLE) version 9.7

Description The issue allows remote attackers to execute arbitrary PHP code. This is achieved via the catlist[] parameter to "engine/preview.php". The vulnerability is exploited through a preg replace function call with an e modifier.

Recommendations For DataLife Engine (DLE) version 9.7, consider restricting access to the "engine/preview.php" endpoint until a patch is available. As a temporary workaround, avoid using the catlist[] parameter in the affected endpoint to minimize the risk of exploitation.