Project: Wordpress Plugin Photo Video Store 18.05

Vulnerability: #8928875 (2018-07-26 19:02:37)

Warning

There are many false positives, or unexploitable vulnerabilities. Please create working "PoC" exploit before reporting anything to vendor!

Details:

Sink Standard::header
Risk _SERVER
/photo-video-store/templates/language.php:9 (show/hide source)
1  <?php
2  if ( ! defined( 'ABSPATH' ) )
3  {
4  	exit();
5  }
6  
7  
8  if ( isset( $_SERVER["HTTP_REFERER"] ) and ! preg_match( "/language/i", $_SERVER["HTTP_REFERER"] ) ) {
9 header( "location:" . $_SERVER["HTTP_REFERER"] );
10 } else 11 {
Threat level 0

Callstack:

@INLINE::/photo-video-store/templates/language.php /photo-video-store/templates/language.php:9 (show/hide source)
1  <?php
2  if ( ! defined( 'ABSPATH' ) )
3  {
4  	exit();
5  }
6  
7  
8  if ( isset( $_SERVER["HTTP_REFERER"] ) and ! preg_match( "/language/i", $_SERVER["HTTP_REFERER"] ) ) {
9 header( "location:" . $_SERVER["HTTP_REFERER"] );
10 } else 11 {