CVE-2013-1412

Severity CVSS v4.0:
Pending analysis
Type:
CWE-94 Code Injection
Publication date:
02/06/2014
Last modified:
12/04/2025

Description

DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:dleviet:datalife_engine:9.7:*:*:*:*:*:*:*