CVE-2013-1412

DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.

Date published : 2014-06-02

http://www.securityfocus.com/bid/57603

http://archives.neohapsis.com/archives/bugtraq/2013-01/0117.html