Project: WordPress Plugin Islamic Content Archive 2.0

Vulnerability: #7371198 (2018-01-13 00:06:11)

Warning

There are many false positives or unexploitable vulnerabilities. Please create a working "PoC" exploit before reporting anything to the vendor!

Details:

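Sink PHP::echo
Risk _POST
Reading the finding: the scanner traces request data from _POST to an echo. In the listing below, line 75 passes $attr['value'] to sprintf() for the value="..." attribute with no escaping call visible, and the callstack shows the view echoing the string that Input() returns. The body of set_value() is not shown, so whether it already escapes what it returns has to be checked before the finding is treated as exploitable; escaping the value for an HTML attribute at line 75 (esc_attr() in WordPress) removes the dependency on that.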
/islamic-content-archive/lib/html_helper.php:75
55  				}
56  				break;
57  			case 'radio' :
58  				{
59  					$html .= $this -> _radio($attr);
60  				}
61  				break;
62  			case 'textarea' :
63  				{
64  					$html .= sprintf('<textarea  name="%s" id="%s" >%s</textarea>', $type, $attr['name'], $attr['id'], $attr['value']);
65  				}
66  				break;
67  			case 'checkbox' :
68  				$html .= $this -> _checkbox($attr);
69  				break;
70  			default :
71  				{
72  					if(empty($attr['value'])){
73  						$attr['value'] = set_value(ICA_Input_SLUG.$attr['name']);
74  					}
75 $html .= sprintf('<input type="%s" name="%s" value="%s" id="%s" />', $type, ICA_Input_SLUG.$attr['name'], $attr['value'], $attr['id']);
76 } 77 break;
Threat level 2

Callstack:

@INLINE::/islamic-content-archive/views/options.php /islamic-content-archive/views/options.php:28
8  			<td>
9  				<h1 class="category-title"><?php echo $this->getLang('control-options') ?></h1>
10  				</td>
11  		</tr>
12  	</table>	
13  	
14  </div>
15  <hr />
16  <?php
17  $Html = new html_helper();
18  
19  $timeList['']                 = $this->getLang('label-select');
20  $timeList['everyhour']           = $this->getLang('label-hourly');
21  $timeList['everysixhours']    = $this->getLang('label-every_six_hours');
22  $timeList['everytwelvehours'] = $this->getLang('label-every_twelve_hours');
23  $timeList['everyday']            = $this->getLang('label-daily');
24  $timeList['everytwodays']     = $this->getLang('label-two_days');
25  $timeList['weakly']           = $this->getLang('label-weakly');
26  
27  
28 echo $Html -> Input('select', array('name' => 'cronjobtime', 'options' => $timeList, 'label' =>$this->getLang('label-import_data_time')));
29 echo $Html->Input('text',array('name' => 'source', 'label' => $this->getLang('label-source'))); 30 ?>