CVE-2013-7387

This Metasploit module exploits a PHP code injection vulnerability in DataLife Engine 9.7 via insecure usage of preg_replace() with the e modifier in preview.php. It injects arbitrary PHP code when the template contains a [catlist] or [not-catlist] tag.

The writeup describes a PHP code injection vulnerability in DataLife Engine 9.7 due to improper sanitization of the 'catlist' parameter in the /engine/preview.php script, allowing arbitrary PHP code execution via preg_replace with the e modifier.