Project: WordPress Plugin Photo Video Store 18.05

Vulnerability: #8928942 (2018-07-26 19:06:53)

Warning

Many findings are false positives or unexploitable vulnerabilities. Please create a working "PoC" exploit before reporting anything to the vendor!

Details:

Sink @FUNCTION::mysqli_query
Risk _FILES
/photo-video-store/includes/functions/functions.php:3961 (show/hide source)
3941  
3942  /**
3943   * The function gets filename and file extention
3944   *
3945   * @param  string $filename - file path.
3946   * @param  string $type filename or extention.
3947   * @return string filename or extention
3948   */
3949  function pvs_get_file_info( $filename, $type )
3950  {
3951  	$fname = "";
3952  	$nf = explode( ".", $filename );
3953  	$fext = $nf[count( $nf ) - 1];
3954  
3955  	for ( $i = 0; $i < count( $nf ) - 1; $i++ )
3956  	{
3957  		if ( $fname != "" )
3958  		{
3959  			$fname .= ".";
3960  		}
3961 $fname .= $nf[$i];
3962 } 3963
Threat level 0

Callstack:

TMySQLConnection::execute /photo-video-store/includes/functions/mysqldb.php:19 (show/hide source)
1  <?php
// Direct-access guard: stop unless WordPress has loaded this file.
// ABSPATH is defined by WordPress itself, so it is missing when the
// script is requested directly by URL.
defined( 'ABSPATH' ) || exit;
7  
8  class TMySQLConnection
9  {
10  	var $connection;
11  
/**
 * Open the MySQL link used by this wrapper.
 *
 * Credentials and database name come from the DB_HOST, DB_USER,
 * DB_PASSWORD and DB_NAME constants. The value returned by
 * mysqli_connect() is stored as-is; no failure check is made here.
 */
function connect()
{
	$link = mysqli_connect( DB_HOST, DB_USER, DB_PASSWORD, DB_NAME );
	$this->connection = $link;
}
16  
17  	function execute( $query )
18  	{
19 if ( $mysqli_result = mysqli_query( $this->connection, $query ) )
20 { 21 return $mysqli_result;
TMySQLQuery::open /photo-video-store/includes/functions/mysqldb.php:52 (show/hide source)
32  }
33  
34  class TMySQLQuery
35  {
36  	var $connection;
37  	var $result;
38  	var $row;
39  	var $trow;
40  	var $eof;
41  	var $addnew;
42  	var $source;
43  	var $rc;
44  
/**
 * Attach a fresh TMySQLConnection wrapper to this query object.
 *
 * Only the wrapper is instantiated; connect() is not called from here.
 */
function __construct()
{
	$db = new TMySQLConnection();
	$this->connection = $db;
}
49  
/**
 * Execute a SQL statement and keep its result on this object.
 *
 * The scanner flags the execute() call below (mysqldb.php:52) as a step
 * on the path to the mysqli_query() sink. $query is forwarded unchanged:
 * this layer does no escaping and no parameter binding, so a caller that
 * builds SQL by string concatenation sends that text straight to the
 * database. Callers should validate or cast every interpolated value, or
 * use a prepared statement instead.
 *
 * @param string $query Complete SQL text, passed through verbatim.
 */
function open( $query )
{
	$executed = $this->connection->execute( $query );
	$this->result = $executed;

	// movenext() is defined outside this excerpt; presumably it loads the first row.
	$this->movenext();
}
@INLINE::/photo-video-store/includes/functions/header.php /photo-video-store/includes/functions/header.php:40 (show/hide source)
20  			$rs->row["description"], $rs->row["keywords"] );
21  
22  		$pvs_meta_keywords .= $translate_results["keywords"];
23  		$pvs_meta_description .= $translate_results["description"];
24  		$social_mass["type"] = "category";
25  		$social_mass["title"] = $translate_results["title"];
26  		$social_mass["keywords"] = $translate_results["keywords"];
27  		$social_mass["description"] = $translate_results["description"];
28  		$social_mass["url"] = site_url() . $rs->row["url"];
29  		$social_mass["author"] = "";
30  		$social_mass["google_x"] = 0;
31  		$social_mass["google_y"] = 0;
32  		$social_mass["data"] = 0;
33  		$social_mass["image"] = $rs->row["photo"];
34  
35  		if ( ! preg_match( "/http/i", $social_mass["image"] ) ) {
36  			$social_mass["image"] = site_url() . $social_mass["image"];
37  		}
38  
39  		$sql = "select title from " . PVS_DB_PREFIX . "category where id_parent=" . $rs->row["id_parent"];
40 $ds->open( $sql );
41 { 42 $social_mass["category"] = $ds->row["title"];