Project: WordPress Plugin WooCommerce Product Feed Manager 4.2

Vulnerability: #9253362 (2019-10-08 06:42:29)

Warning

There are many false positives, or unexploitable vulnerabilities. Please create a working "PoC" exploit before reporting anything to the vendor!

Details:

Sink Standard::fsockopen
Risk _SERVER
/best-woocommerce-feed/vendor/phpseclib/phpseclib/phpseclib/System/SSH/Agent.php:124
104       */
105      var $socket_buffer = '';
106  
107      /**
108       * Tracking the number of bytes we are expecting
109       * to arrive for the agent socket on the SSH data
110       * channel
111       */
112      var $expected_bytes = 0;
113  
114      /**
115       * Default Constructor
116       *
117       * @return \phpseclib\System\SSH\Agent
118       * @access public
119       */
120      function __construct()
121      {
122          switch (true) {
123              case isset($_SERVER['SSH_AUTH_SOCK']):
124                  $address = $_SERVER['SSH_AUTH_SOCK'];
125                  break;
126              case isset($_ENV['SSH_AUTH_SOCK']):
Threat level 0

Callstack:

phpseclib\System\SSH\Agent::__construct /best-woocommerce-feed/vendor/phpseclib/phpseclib/phpseclib/System/SSH/Agent.php:134
114      /**
115       * Default Constructor
116       *
117       * @return \phpseclib\System\SSH\Agent
118       * @access public
119       */
120      function __construct()
121      {
122          switch (true) {
123              case isset($_SERVER['SSH_AUTH_SOCK']):
124                  $address = $_SERVER['SSH_AUTH_SOCK'];
125                  break;
126              case isset($_ENV['SSH_AUTH_SOCK']):
127                  $address = $_ENV['SSH_AUTH_SOCK'];
128                  break;
129              default:
130                  user_error('SSH_AUTH_SOCK not found');
131                  return false;
132          }
133  
134          $this->fsock = fsockopen('unix://' . $address, 0, $errno, $errstr);
135          if (!$this->fsock) {
136              user_error("Unable to connect to ssh-agent (Error $errno: $errstr)");