Project: Wordpress Plugin Photo Video Store 18.05

Vulnerability: #8928876 (2018-07-26 19:02:56)

Warning

There are many false positives, or unexploitable vulnerabilities. Please create working "PoC" exploit before reporting anything to vendor!

Details:

Sink PHP::echo
Risk _SERVER
/photo-video-store/templates/item_protected.php:3 (show/hide source)
1  <h2><?php echo(pvs_word_lang("password protected"));?></h2>
2  
3 <form method="post" action="<?php echo( $_SERVER['REQUEST_URI'] );?>">
4 <input type="password" name="password" value="" style="width:140px;" class="form-control"><br><input class="btn btn-success isubmit" type="submit" value="<?php echo(pvs_word_lang("check"));?>"> 5 <input type="hidden" name="id_parent" value="<?php echo(get_query_var('pvs_id'));?>">
Threat level 0

Callstack:

@INLINE::/photo-video-store/templates/item_protected.php /photo-video-store/templates/item_protected.php:3 (show/hide source)
1  <h2><?php echo(pvs_word_lang("password protected"));?></h2>
2  
3 <form method="post" action="<?php echo( $_SERVER['REQUEST_URI'] );?>">
4 <input type="password" name="password" value="" style="width:140px;" class="form-control"><br><input class="btn btn-success isubmit" type="submit" value="<?php echo(pvs_word_lang("check"));?>"> 5 <input type="hidden" name="id_parent" value="<?php echo(get_query_var('pvs_id'));?>">