Project: Wordpress Plugin Photo Video Store 18.05

Vulnerability: #8928949 (2018-07-26 19:06:58)

Warning

There are many false positives, or unexploitable vulnerabilities. Please create working "PoC" exploit before reporting anything to vendor!

Details:

Sink fake_wpdb::query
Risk _FILES
/photo-video-store/includes/functions/functions.php:3961 (show/hide source)
3941  
3942  /**
3943   * The function gets filename and file extention
3944   *
3945   * @param  string $filename - file path.
3946   * @param  string $type filename or extention.
3947   * @return string filename or extention
3948   */
3949  function pvs_get_file_info( $filename, $type )
3950  {
3951  	$fname = "";
3952  	$nf = explode( ".", $filename );
3953  	$fext = $nf[count( $nf ) - 1];
3954  
3955  	for ( $i = 0; $i < count( $nf ) - 1; $i++ )
3956  	{
3957  		if ( $fname != "" )
3958  		{
3959  			$fname .= ".";
3960  		}
3961 $fname .= $nf[$i];
3962 } 3963
Threat level 0

Callstack:

@INLINE::/photo-video-store/includes/functions/db.php /photo-video-store/includes/functions/db.php:29 (show/hide source)
9  
10  
11  //affiliates_signups
12  if ( $wpdb->get_var( "SHOW TABLES LIKE '" . PVS_DB_PREFIX .
13  	"administrators_stats'" ) != PVS_DB_PREFIX . 'administrators_stats' )
14  {
15  
16  	$sql = 'CREATE TABLE `' . PVS_DB_PREFIX . 'administrators_stats` (
17  	  `id` int(11) NOT NULL auto_increment,
18  	  `property` varchar(100) default NULL,
19  	  `property_value` int(11) default NULL,
20  	  `administrator_id` int(11) default NULL,
21  	  PRIMARY KEY  (`id`),
22  	  KEY `administrator_id` (`administrator_id`),
23  	  KEY `property` (`property`)
24  	)';
25  	$wpdb->query( $sql );
26  
27  	$sql = 'ALTER TABLE `' . PVS_DB_PREFIX .
28  		'administrators_stats` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;';
29 $wpdb->query( $sql );
30 } 31