[] NeoSense
E X P L O I T S
title author type platform port cve id

DataLife Engine 9.7 - 'preview.php' PHP Code Injection

Author: EgiX
type: webapps
platform: php
port: 
date_added: 2013-01-29 
date_updated: 2014-01-02 
verified: 1 
codes: CVE-2013-7387;OSVDB-89662;CVE-2013-1412 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comDataLife_Engine_9.7_Win-1251_Final_English_By_DLEVIET_22.11.2012.rar
------------------------------------------------------------------
DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability
------------------------------------------------------------------

[-] Software Link:

http://dleviet.com/


[-] Affected Version:

9.7 only.


[-] Vulnerability Description:

The vulnerable code is located in the /engine/preview.php script:

246.	$c_list = implode (',', $_REQUEST['catlist']);
247.
248.	if( strpos( $tpl->copy_template, "[catlist=" ) !== false ) {
249.		$tpl->copy_template = preg_replace( "#\\[catlist=(.+?)\\](.*?)\\[/catlist\\]#ies", "check_category('\\1', '\\2', '{$c_list}')", $tpl->copy_template );
250.	}
251.
252.	if( strpos( $tpl->copy_template, "[not-catlist=" ) !== false ) {
253.		$tpl->copy_template = preg_replace( "#\\[not-catlist=(.+?)\\](.*?)\\[/not-catlist\\]#ies", "check_category('\\1', '\\2', '{$c_list}', false)", $tpl->copy_template );
254.	}

User supplied input passed through the $_REQUEST['catlist'] parameter is not properly
sanitized before being used in a preg_replace() call with the e modifier at lines 249 and 253.
This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of
this vulnerability requires a template which contains a “catlist” (or a “not-catlist”) tag.


[-] Solution:

Apply the vendor patch: http://dleviet.com/dle/bug-fix/3281-security-patches-for-dle-97.html


[-] Disclosure Timeline:

[16/01/2013] - Vendor notified
[19/01/2013] - Vendor patch released
[20/01/2013] - CVE number requested
[21/01/2013] - CVE number assigned
[28/01/2013] - Public disclosure


[-] CVE Reference:

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2013-1412 to this vulnerability.


[-] Credits:

Vulnerability discovered by Egidio Romano.


[-] Original Advisory:

http://karmainsecurity.com/KIS-2013-01
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.