DataLife Engine 8.3 – ‘/engine/ajax/addcomments.php?_REQUEST[skin]’ Remote File Inclusion

  • 作者: indoushka
    日期: 2010-01-19
  • 类别:
  • 来源:
  • source:
    Datalife Engine is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
    Exploiting these issues may allow an attacker to compromise the application and the computer; other attacks are also possible.
    Datalife Engine 8.3 is vulnerable; other versions may also be affected. [skin]]=