DataLife Engine 'catlist' Parameter PHP Code Injection Vulnerability Network Vulnerability

Summary

DataLife Engine is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the underlying system other attacks are also possible. DataLife Engine 9.7 is vulnerable other versions may also be affected.

Solution

Vendor updates are available. Please see the references for details.

References

http://www.securityfocus.com/bid/57603

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-1412
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Advantech WebAccess Multiple Vulnerabilities
Adobe ColdFusion Components (CFC) Denial Of Service Vulnerability
ASP Inline Corporate Calendar SQL injection
ATutor < 1.5.1-pl1 Multiple Flaws
appRain CMF SQL Injection And Cross Site Scripting Vulnerabilities

Take action and discover your vulnerabilities