Project: Wordpress Plugin Photo Video Store 18.05

Vulnerability: #8928877 (2018-07-26 19:03:23)

Warning

There are many false positives, or unexploitable vulnerabilities. Please create working "PoC" exploit before reporting anything to vendor!

Details:

Sink Standard::file_exists
Risk _FILES
/photo-video-store/includes/functions/functions.php:3961 (show/hide source)
3941  
3942  /**
3943   * The function gets filename and file extention
3944   *
3945   * @param  string $filename - file path.
3946   * @param  string $type filename or extention.
3947   * @return string filename or extention
3948   */
3949  function pvs_get_file_info( $filename, $type )
3950  {
3951  	$fname = "";
3952  	$nf = explode( ".", $filename );
3953  	$fext = $nf[count( $nf ) - 1];
3954  
3955  	for ( $i = 0; $i < count( $nf ) - 1; $i++ )
3956  	{
3957  		if ( $fname != "" )
3958  		{
3959  			$fname .= ".";
3960  		}
3961 $fname .= $nf[$i];
3962 } 3963
Threat level 0

Callstack:

@INLINE::/photo-video-store/templates/exif.php /photo-video-store/templates/exif.php:45 (show/hide source)
25  		$ds->movenext();
26  	}
27  }
28  
29  if ( $file_storage ) {
30  	if ( $file_name != "" ) {
31  		echo ( "<h2 class='exif_header'>EXIF:	</h2>" );
32  		echo ( pvs_get_exif( $file_name, false, ( int )$id ) );
33  	}
34  } else
35  {
36  	$sql = "select server1,id from " . PVS_DB_PREFIX .
37  		"media where id=" . ( int )$id;
38  	$rs->open( $sql );
39  	if ( ! $rs->eof ) {
40  		$sql = "select url from " . PVS_DB_PREFIX . "items where id_parent=" . ( int )$id;
41  		$dr->open( $sql );
42  		if ( ! $dr->eof ) {
43  			$img = pvs_upload_dir() . pvs_server_url( $rs->row["server1"] ) .
44  				"/" . $rs->row["id"] . "/" . $dr->row["url"];
45 if ( file_exists( $img ) )
46 { 47 echo ( "<h2 class='exif_header'>EXIF: </h2>" );