Project: WordPress Plugin Photo Video Store 18.05

Vulnerability: #8928906 (2018-07-26 19:04:27)

Warning

There are many false positives, or unexploitable vulnerabilities. Please create a working "PoC" exploit before reporting anything to the vendor!

Details:

Sink: PHP::echo
Risk: _REQUEST
/photo-video-store/templates/content_list_menu_fotolia.php:267
247  	if ( $value == @$_REQUEST["orientation"] ) {
248  		$sel = "selected";
249  	}
250  ?>
251  	<option value='<?php echo $value
252  ?>'  <?php echo $sel
253  ?>><?php echo pvs_word_lang( $value )?></option>
254  	<?php
255  }
256  ?>
257  			</select>
258  		</div>	
259  		
260  		<div class="search_title2 field_color"><b><?php echo pvs_word_lang( "color" )?>:</b></div>
261  		<div class="search_text2 field_color">
262  		<?php
263  if ( ! isset( $_REQUEST["color"] ) ) {
264  	$_REQUEST["color"] = "FFFFFF";
265  }
266  ?>
267 <input type='hidden' id='color' name='color' value='<?php echo $_REQUEST["color"] ?>' />
268 <div id="customWidget" style="margin-left:-4px">
269 <div id="colorSelector2"><div style="background-color: #<?php echo $_REQUEST["color"] ?>"></div></div>

Threat level: 2

Callstack:

@INLINE::/photo-video-store/templates/content_list_menu_fotolia.php /photo-video-store/templates/content_list_menu_fotolia.php:267