Project: Github Paroxyste/Simply-Blog 20190102

Vulnerability: #9224534 (2019-01-02 06:08:03)

Warning

There are many false positives or unexploitable vulnerabilities. Please create a working PoC exploit before reporting anything to the vendor!

Details:

Sink PHP::echo
Risk _GET
/Simply-Blog-master/admin/editPost.php:18
1  <?php
2  
3  require_once("../includes/database.php");
4  require_once("../includes/sessions.php");
5  require_once("../includes/functions.php");
6  
7  $Admin = "Laurent Echeverria";
8  
9  if(isset($_POST["submit"])) {
10  	$Title = mysqli_real_escape_string($Connection, $_POST["Title"]);
11  	$Category = mysqli_real_escape_string($Connection, $_POST["Category"]);
12    $Post = mysqli_real_escape_string($Connection, $_POST["Post"]);
13  	$CurrentTime = time();
14  	$DateTime = date('d M Y', $CurrentTime);
15  	$DateTime;
16  	$Image = $_FILES["Image"]["name"];
17  	$Target = "../assets/img/uploads/" . basename($_FILES["Image"]["name"]);
18 $SearchQueryParam = $_GET["edit"];
19  
20  if(empty($Title) || empty($Category) || empty($Image) || empty($Post)) {
Threat level 2

Callstack:

@INLINE::/Simply-Blog-master/admin/editCategories.php /Simply-Blog-master/admin/editCategories.php:146
126                <a href="categories.php"><button id="#" class="btn btn-just-icon btn-white btn-fab btn-round">
127                  <i class="material-icons text_align-center visible-on-sidebar-regular">arrow_back</i>
128                </button></a>
129              </div>
130              <a class="navbar-brand" href="categories.php">Edit Categories</a>
131            </div>
132  
133            <button class="navbar-toggler" type="button" data-toggle="collapse" aria-controls="navigation-index" aria-expanded="false" aria-label="Toggle navigation">
134              <span class="sr-only">Toggle navigation</span>
135              <span class="navbar-toggler-icon icon-bar"></span>
136              <span class="navbar-toggler-icon icon-bar"></span>
137              <span class="navbar-toggler-icon icon-bar"></span>
138            </button>
139          </div>
140        </nav>
141  
142        <div class="content">
143          <div class="container-fluid">
144            <div class="row">
145              <div class="col-md-6 offset-md-3">
146              <form action="editCategories.php?edit=<?php echo $SearchQueryParam; ?>" method="post">
147                <div class="card ">
148                  <div class="card-header card-header-rose card-header-icon">