Project: Wordpress Plugin Photo Video Store 18.05

Vulnerability: #8928941 (2018-07-26 19:06:53)

Warning

There are many false positives, or unexploitable vulnerabilities. Please create working "PoC" exploit before reporting anything to vendor!

Details:

Sink @FUNCTION::mysqli_query
Risk _FILES
/photo-video-store/includes/functions/functions.php:3961 (show/hide source)
3941  
3942  /**
3943   * The function gets filename and file extention
3944   *
3945   * @param  string $filename - file path.
3946   * @param  string $type filename or extention.
3947   * @return string filename or extention
3948   */
3949  function pvs_get_file_info( $filename, $type )
3950  {
3951  	$fname = "";
3952  	$nf = explode( ".", $filename );
3953  	$fext = $nf[count( $nf ) - 1];
3954  
3955  	for ( $i = 0; $i < count( $nf ) - 1; $i++ )
3956  	{
3957  		if ( $fname != "" )
3958  		{
3959  			$fname .= ".";
3960  		}
3961 $fname .= $nf[$i];
3962 } 3963
Threat level 0

Callstack:

TMySQLConnection::execute /photo-video-store/includes/functions/mysqldb.php:19 (show/hide source)
1  <?php
2  // Exit if accessed directly.
3  if ( ! defined( 'ABSPATH' ) )
4  {
5  	exit;
6  }
7  
8  class TMySQLConnection
9  {
10  	var $connection;
11  
12  	function connect()
13  	{
14  		$this->connection = mysqli_connect( DB_HOST, DB_USER, DB_PASSWORD, DB_NAME );
15  	}
16  
17  	function execute( $query )
18  	{
19 if ( $mysqli_result = mysqli_query( $this->connection, $query ) )
20 { 21 return $mysqli_result;
TMySQLQuery::open /photo-video-store/includes/functions/mysqldb.php:52 (show/hide source)
32  }
33  
34  class TMySQLQuery
35  {
36  	var $connection;
37  	var $result;
38  	var $row;
39  	var $trow;
40  	var $eof;
41  	var $addnew;
42  	var $source;
43  	var $rc;
44  
45  	function __construct()
46  	{
47  		$this->connection = new TMySQLConnection;
48  	}
49  
50  	function open( $query )
51  	{
52 $this->result = $this->connection->execute( $query );
53 $this->movenext(); 54 }
@INLINE::/photo-video-store/includes/functions/header.php /photo-video-store/includes/functions/header.php:17 (show/hide source)
1  <?php
2  // Exit if accessed directly.
3  if ( ! defined( 'ABSPATH' ) )
4  {
5  	exit;
6  }
7  $flag_social = false;
8  $social_mass = array();
9  $pvs_meta_tags = '';
10  $pvs_meta_keywords = '';
11  $pvs_meta_description = '';
12  
13  //Meta categories
14  if ( get_query_var('pvs_page') == 'category') {
15  	$sql = "select id, id_parent, title,priority,password,description,keywords,photo,upload,published,url from " .
16  		PVS_DB_PREFIX . "category where id=" . ( int )get_query_var('pvs_id');
17 $rs->open( $sql );
18 if ( ! $rs->eof ) { 19 $translate_results = pvs_translate_category( $rs->row["id"], $rs->row["title"],