Project: WordPress Plugin Photo Video Store 18.05

Vulnerability: #8928909 (2018-07-26 19:04:27)

Warning

There are many false positives and unexploitable vulnerabilities. Please create a working "PoC" exploit before reporting anything to the vendor!

Details:

Sink PHP::echo
Risk _REQUEST
/photo-video-store/templates/content_list_menu_depositphotos.php:231
211  	$sel = "";
212  	if ( $value == @$_REQUEST["orientation"] ) {
213  		$sel = "selected";
214  	}
215  ?>
216  	<option value='<?php echo strtolower( $value )?>'  <?php echo $sel
217  ?>><?php echo pvs_word_lang( $value )?></option>
218  	<?php
219  }
220  ?>
221  			</select>
222  		</div>	
223  		
224  		<div class="search_title2 field_color"><b><?php echo pvs_word_lang( "color" )?>:</b></div>
225  		<div class="search_text2 field_color">
226  		<?php
227  if ( ! isset( $_REQUEST["color"] ) ) {
228  	$_REQUEST["color"] = "FFFFFF";
229  }
230  ?>
231 <input type='hidden' id='color' name='color' value='<?php echo $_REQUEST["color"] ?>' />
232 <div id="customWidget" style="margin-left:-4px">
233 <div id="colorSelector2"><div style="background-color: #<?php echo $_REQUEST["color"] ?>"></div></div>
Threat level 2

Callstack:

@INLINE::/photo-video-store/templates/content_list_menu_depositphotos.php /photo-video-store/templates/content_list_menu_depositphotos.php:231