Project: Wordpress Plugin Photo Video Store 18.05

Vulnerability: #8928854 (2018-07-26 18:54:25)

Warning

There are many false positives and unexploitable vulnerabilities. Please create a working "PoC" exploit before reporting anything to the vendor!

Details:

Sink: PHP::echo
Risk: _REQUEST
/photo-video-store/templates/zoomer.php:10
1  <?php
2  if ( ! defined( 'ABSPATH' ) )
3  {
4  	exit();
5  }
6  
7  include ( "JsHttpRequest.php" );
8  
9  $JsHttpRequest = new JsHttpRequest( $mtg );
10 ?><img src='<?php echo site_url()?>/image/?id=<?php echo $_REQUEST["id"] ?>&x1=<?php echo $_REQUEST["x1"] ?>&x0=<?php echo $_REQUEST["x0"] ?>&y1=<?php echo $_REQUEST["y1"] ?>&y0=<?php echo $_REQUEST["y0"] ?>&z=<?php echo $_REQUEST["z"] ?>&width=<?php echo $_REQUEST["width"] ?>&height=<?php echo $_REQUEST["height"] ?>'>
Threat level 2

Callstack:

@INLINE::/photo-video-store/templates/zoomer.php /photo-video-store/templates/zoomer.php:10