Vulnerabilities > CVE-2013-7387 - Unspecified vulnerability in Dleviet Datalife Engine 9.7

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
dleviet
exploit available

Summary

Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie. Per: http://cwe.mitre.org/data/definitions/384.html "CWE-384: Session Fixation"

Vulnerable Configurations

Part Description Count
Application
Dleviet
1

Exploit-Db

  • descriptionDataLife Engine preview.php PHP Code Injection. CVE-2013-1412,CVE-2013-7387. Remote exploit for php platform
    fileexploits/php/remote/24444.rb
    idEDB-ID:24444
    last seen2016-02-02
    modified2013-02-01
    platformphp
    port
    published2013-02-01
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/24444/
    titleDataLife Engine preview.php PHP Code Injection
    typeremote
  • descriptionDataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability. CVE-2013-1412,CVE-2013-7387. Webapps exploit for php platform
    fileexploits/php/webapps/24438.txt
    idEDB-ID:24438
    last seen2016-02-02
    modified2013-01-28
    platformphp
    port
    published2013-01-28
    reporterEgiX
    sourcehttps://www.exploit-db.com/download/24438/
    titleDataLife Engine 9.7 preview.php PHP Code Injection Vulnerability
    typewebapps