Project: Github Paroxyste/Simply-Blog 20190102

Vulnerability: #9224519 (2019-01-02 06:08:03)

Warning

There are many false positives and unexploitable findings. Please create a working PoC exploit before reporting anything to the vendor!

Details:

Sink @FUNCTION::mysqli_query
Risk _GET
/Simply-Blog-master/posts/post.php:224
204                      <div class="ripple-container"></div>
205                    </div>
206                  </div>
207                  <div class="col-md-8">
208                    <h4 class="card-title"><?php echo htmlentities($Author); ?></h4>
209                    <p class="description">Aliquam congue vel purus vitae vestibulum. Suspendisse consectetur leo urna, id condimentum nulla eleifend vel.</p>
210                  </div>
211  
212                  <div class="col-md-2">
213                    <button type="button" class="btn btn-rose pull-right btn-round">Follow Me</button>
214                  </div>
215                </div>
216              </div>
217            </div>
218          </div>
219        </div>
220  
221        <?php }; ?>
222  
223        <?php
224          $PostIdForComments = $_GET["id"];
225          $CommentsQuery = "SELECT * FROM comments WHERE admin_panel_id='$PostIdForComments' AND status='On'";
226          $Execute = mysqli_query($Connection, $CommentsQuery);
Threat level 1

Callstack:

@INLINE::/Simply-Blog-master/posts/post.php /Simply-Blog-master/posts/post.php:226
206                  </div>
207                  <div class="col-md-8">
208                    <h4 class="card-title"><?php echo htmlentities($Author); ?></h4>
209                    <p class="description">Aliquam congue vel purus vitae vestibulum. Suspendisse consectetur leo urna, id condimentum nulla eleifend vel.</p>
210                  </div>
211  
212                  <div class="col-md-2">
213                    <button type="button" class="btn btn-rose pull-right btn-round">Follow Me</button>
214                  </div>
215                </div>
216              </div>
217            </div>
218          </div>
219        </div>
220  
221        <?php }; ?>
222  
223        <?php
224          $PostIdForComments = $_GET["id"];
225          $CommentsQuery = "SELECT * FROM comments WHERE admin_panel_id='$PostIdForComments' AND status='On'";
226          $Execute = mysqli_query($Connection, $CommentsQuery);
227  
228          while($DataRows = mysqli_fetch_array($Execute)) {