Project: Wordpress Plugin Photo Video Store 18.05

Vulnerability: #8928911 (2018-07-26 19:04:27)

Warning

There are many false positives, or unexploitable vulnerabilities. Please create working "PoC" exploit before reporting anything to vendor!

Details:

Sink PHP::echo
Risk _REQUEST
/photo-video-store/templates/content_list_menu_depositphotos.php:239 (show/hide source)
219  }
220  ?>
221  			</select>
222  		</div>	
223  		
224  		<div class="search_title2 field_color"><b><?php echo pvs_word_lang( "color" )?>:</b></div>
225  		<div class="search_text2 field_color">
226  		<?php
227  if ( ! isset( $_REQUEST["color"] ) ) {
228  	$_REQUEST["color"] = "FFFFFF";
229  }
230  ?>
231  		<input type='hidden' id='color' name='color' value='<?php echo $_REQUEST["color"] ?>' />
232  		<div id="customWidget" style="margin-left:-4px">
233  		<div id="colorSelector2"><div style="background-color: #<?php echo $_REQUEST["color"] ?>"></div></div>
234  	                <div id="colorpickerHolder2">
235  	                </div>
236  	</div>
237  	
238  	<script>jQuery('#colorSelector2').ColorPicker({
239 color: '#<?php echo $_REQUEST["color"] ?>',
240 onShow: function (colpkr) { 241 jQuery(colpkr).fadeIn(500);
Threat level 2

Callstack:

@INLINE::/photo-video-store/templates/content_list_menu_depositphotos.php /photo-video-store/templates/content_list_menu_depositphotos.php:239 (show/hide source)
219  }
220  ?>
221  			</select>
222  		</div>	
223  		
224  		<div class="search_title2 field_color"><b><?php echo pvs_word_lang( "color" )?>:</b></div>
225  		<div class="search_text2 field_color">
226  		<?php
227  if ( ! isset( $_REQUEST["color"] ) ) {
228  	$_REQUEST["color"] = "FFFFFF";
229  }
230  ?>
231  		<input type='hidden' id='color' name='color' value='<?php echo $_REQUEST["color"] ?>' />
232  		<div id="customWidget" style="margin-left:-4px">
233  		<div id="colorSelector2"><div style="background-color: #<?php echo $_REQUEST["color"] ?>"></div></div>
234  	                <div id="colorpickerHolder2">
235  	                </div>
236  	</div>
237  	
238  	<script>jQuery('#colorSelector2').ColorPicker({
239 color: '#<?php echo $_REQUEST["color"] ?>',
240 onShow: function (colpkr) { 241 jQuery(colpkr).fadeIn(500);