Project: WordPress Plugin Photo Video Store 18.05

Vulnerability: #8928905 (2018-07-26 19:04:11)

Warning

There are many false positives or unexploitable vulnerabilities. Please create a working "PoC" exploit before reporting anything to the vendor!

Details:

Sink PHP::echo
Risk _GET
/photo-video-store/templates/content_photo_preview.php:222
202  ?>px;height:1px;border-top-color:#777777;border-top-width:1px;border-top-style:solid;display:none;position:absolute;top:0;left:0;z-index:2'>&nbsp;</div>
203  
204  <div id="zm2" name="zm2"    style='width:1px;height:<?php echo $height2
205  ?>px;border-left-color:#777777;border-left-width:1px;border-left-style:solid;display:none;position:absolute;top:0;left:0;z-index:2'>&nbsp;</div>
206  
207  <div id="zm3" name="zm3"    style='width:<?php echo $width2
208  ?>px;height:1px;border-top-color:#777777;border-top-width:1px;border-top-style:solid;display:none;position:absolute;top:0;left:0;z-index:2'>&nbsp;</div>
209  
210  <div id="zm4" name="zm4"    style='width:1px;height:<?php echo $height2
211  ?>px;border-right-color:#777777;border-right-width:1px;border-right-style:solid;display:none;position:absolute;top:0;left:0;z-index:2'>&nbsp;</div>
212  
213  <div id="zoomer_header"></div>
214  
215  
216  <div id="zoomer" onClick="zoomer_show(<?php echo $width
217  ?>,<?php echo $height
218  ?>,<?php echo $_GET["id"] ?>,event);"  onMouseover="zoomeron(<?php echo $width
219  ?>,<?php echo $height
220  ?>,event,<?php echo $_GET["id"] ?>);" onMousemove="zoomermove(<?php echo $width
221  ?>,<?php echo $height
222  ?>,event,<?php echo $_GET["id"] ?>);" onMouseout="zoomeroff();" name="zoomer" style="width:<?php echo $width
223  ?>;height:<?php echo $height
224  ?>;background-image: url('<?php
Threat level 2

Callstack:

@INLINE::/photo-video-store/templates/content_photo_preview.php /photo-video-store/templates/content_photo_preview.php:222