Warning

There are many false positives, or unexploitable vulnerabilities. Please create working "PoC" exploit before reporting anything to vendor!

Details:

Sink Standard::header
Risk _GET
/social-booster/vendor/kriswallsmith/buzz/test/server.php:4 (show/hide source)
1  <?php
2  
3  if (isset($_GET['redirect_to'])) {
4 header('Location: '.$_GET['redirect_to']);
5 die; 6 }
Threat level 2

Callstack:

@INLINE::/social-booster/vendor/kriswallsmith/buzz/test/server.php /social-booster/vendor/kriswallsmith/buzz/test/server.php:4 (show/hide source)
1  <?php
2  
3  if (isset($_GET['redirect_to'])) {
4 header('Location: '.$_GET['redirect_to']);
5 die; 6 }