Dleviet : Security Vulnerabilities, CVEs,

CVE-2018-14777

An issue was discovered in DataLife Engine (DLE) through 13.0. An attacker can use XSS (related to the /addnews.html and /index.php?do=addnews URIs) to send a malicious script to unsuspecting Admins or users.
Max CVSS
5.4
EPSS Score
0.06%
Published
2018-08-01
Updated
2018-10-02

CVE-2013-7387

Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie.
Max CVSS
6.8
EPSS Score
0.31%
Published
2014-06-02
Updated
2014-06-03

CVE-2013-1412

Public exploit
DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.
Max CVSS
7.5
EPSS Score
96.68%
Published
2014-06-02
Updated
2014-06-03
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close