cbcvebase.
CVE-2010-2005
published 2010-05-20

CVE-2010-2005: Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the…

PriorityP344high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.81%
84.7th percentile
Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the selected_language parameter to engine/inc/include/init.php, (2) the config[langs] parameter to engine/inc/help.php, (3) the config[lang] parameter to engine/ajax/pm.php, (4) and the _REQUEST[skin] parameter to engine/ajax/addcomments.php.

Affected

1 ranges
VendorProductVersion rangeFixed in
datalifecmsdatalife_engine

CVSS provenance

nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.2HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.