cbcvebase.
CVE-2013-1412
published 2014-06-02

Priority: P2 (68, high)
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploit: public exploit available (see the IOC payloads below)
EPSS: 40.47% (98.5th percentile)
DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.

Affected (1 range)

Vendor    Product          Version range    Fixed in
dleviet   datalife_engine  (not given)      (not given)

Detection & IOCs (extracted from sources)

path: /engine/preview.php
command: catlist[0]={rand}')||printf("{fingerprint}");//
command: catlist[0]={rand}')||eval(base64_decode("{base64_payload}"));//
  • Detect POST requests to /engine/preview.php whose catlist[] parameter carries a preg_replace e-modifier injection: a value containing ')|| followed by a PHP function call such as eval(), printf() or base64_decode(). The ') closes the quoted string in the evaluated replacement and || appends attacker-controlled code.
  • Alert on POST requests to engine/preview.php where the catlist[] value contains eval(base64_decode( ; this is a strong indicator of payload delivery, as opposed to the printf() variant, which is used as a fingerprint probe.
  • Exploitation is only possible when a template containing a [catlist] or [not-catlist] tag is installed on the target instance, even if that template is not currently active. Check the installed templates when triaging an attempt: a hit against an instance without such a tag is a failed probe, not a compromise.
  • The vulnerable code path is at lines 249 and 253 of /engine/preview.php, where preg_replace is called with the #ies modifiers (the e evaluates the replacement as PHP). Monitor the integrity of this file for unauthorized modifications, since a successful payload can rewrite it.
  • The vulnerability affects DataLife Engine version 9.7 only.
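The detection logic described above, as an added example (not code from this database, the advisory sources, or DataLife Engine). It runs over a constructed, tab-separated request log (METHOD, PATH with optional query, raw form body); that log format, the sample lines and the fingerprint values in them are assumptions made for the example. The rule matches the ')|| injection prefix in any catlist[...] parameter of a request to engine/preview.php, whether it arrives in the query string or the body, classifies printf() fingerprint probes separately from code-execution sinks, and decodes the base64 argument of eval(base64_decode("...")) so the delivered PHP is visible at triage. The sink list is broadened beyond the three functions the page names (eval, printf, base64_decode) to other common PHP execution functions; that broadening is my generalization.

```python
"""Detection logic for CVE-2013-1412 exploitation attempts (added example).

Assumed log format (constructed for this example, not a real product format):
one request per line, tab-separated: METHOD <TAB> PATH[?QUERY] <TAB> RAW_BODY
"""
import base64
import binascii
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/engine/preview.php"

# The injection closes the quoted string inside the /e-evaluated replacement
# with ') and ORs in a PHP call. The page names eval(), printf() and
# base64_decode(); the remaining names are an assumed broadening to other
# common code-execution sinks.
INJECTION_RE = re.compile(
    r"'\)\s*\|\|\s*(eval|printf|base64_decode|assert|system|passthru|shell_exec)\s*\(",
    re.IGNORECASE,
)
# Argument of base64_decode("..."); a space is allowed because parse_qs turns
# an unencoded '+' into a space.
B64_ARG_RE = re.compile(r"""base64_decode\(\s*["']([A-Za-z0-9+/= ]+)["']\s*\)""")


@dataclass
class Finding:
    line_no: int
    method: str
    parameter: str               # e.g. catlist[0]
    function: str                # first PHP function called after ')||
    kind: str                    # "probe" (printf fingerprint) or "exploit"
    decoded_payload: Optional[str] = None


def decode_b64_arg(value: str) -> Optional[str]:
    """Decode the base64 argument of eval(base64_decode("...")) for triage."""
    m = B64_ARG_RE.search(value)
    if not m:
        return None
    token = m.group(1).replace(" ", "+")   # restore '+' mangled by form decoding
    try:
        return base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None


def catlist_params(query: str, body: str) -> dict:
    """Collect every catlist[...] parameter from the query string and the form body."""
    params = {}
    for raw in (query, body):
        for key, values in parse_qs(raw, keep_blank_values=True).items():
            if key.startswith("catlist"):
                params.setdefault(key, []).extend(values)
    return params


def inspect_line(line_no: int, line: str) -> list:
    """Return the findings for one log line (empty list if benign or malformed)."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) < 2:
        return []
    method, target = parts[0], parts[1]
    body = parts[2] if len(parts) > 2 else ""
    url = urlsplit(target)
    # endswith(): DLE is frequently installed under a sub-directory.
    if not url.path.endswith(TARGET_PATH):
        return []
    findings = []
    for name, values in catlist_params(url.query, body).items():
        for value in values:
            m = INJECTION_RE.search(value)
            if not m:
                continue
            func = m.group(1).lower()
            findings.append(Finding(
                line_no=line_no, method=method, parameter=name, function=func,
                kind="probe" if func == "printf" else "exploit",
                decoded_payload=decode_b64_arg(value),
            ))
    return findings


def scan(lines) -> list:
    return [f for n, line in enumerate(lines, 1) for f in inspect_line(n, line)]


# Constructed sample log: benign traffic, a printf fingerprint probe, an
# eval(base64_decode()) delivery under a sub-directory install, a legitimate
# numeric catlist[], and a GET variant using a different sink.
SAMPLE_LOG = [
    "GET\t/index.php?do=main\t",
    "POST\t/engine/preview.php\tcatlist%5B0%5D=8f3a%27%29%7C%7Cprintf%28%22cbe2%22%29%3B%2F%2F",
    "POST\t/dle/engine/preview.php\tcatlist[0]=x')||eval(base64_decode(\"cGhwaW5mbygpOw==\"));//&ajax=yes",
    "POST\t/engine/preview.php\tcatlist%5B0%5D=3&catlist%5B1%5D=7",
    "GET\t/engine/preview.php?catlist%5B%5D=a%27%29%7C%7Csystem%28%27id%27%29%3B%2F%2F\t",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```

Running the file prints three findings: the printf probe on line 2, the eval delivery on line 3 with the decoded payload phpinfo();, and the system() variant on line 5; the legitimate numeric catlist[] request produces nothing. Matching on the decoded parameter value rather than the raw body is what makes the %27%29%7C%7C-encoded and the plain-text forms hit the same rule.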