Project: WordPress Plugin Islamic Content Archive 2.0

Vulnerability: #7371206 (2018-01-13 00:06:11)

Warning

This scanner output contains many false positives and unexploitable findings. Build a working proof-of-concept (PoC) exploit and confirm that the flagged sink is actually reachable from the listed call stack before reporting anything to the vendor.

Details:

Sink: PHP::echo — the `$html` string built by `sprintf()` at html_helper.php:75 is returned by `Input()` and echoed by the caller (categories.php:23), with `$attr['value']` placed in an HTML attribute without escaping.
Risk source: _POST (scanner tag). The visible call stack only shows `$_GET['cat_slug']` passed through `esc_attr()`; the `_POST` tag presumably refers to `set_value()` at line 73, whose implementation is not shown here — confirm what it reads.
/islamic-content-archive/lib/html_helper.php:75
55  				}
56  				break;
57  			case 'radio' :
58  				{
59  					$html .= $this -> _radio($attr);
60  				}
61  				break;
62  			case 'textarea' :
63  				{
64  					$html .= sprintf('<textarea  name="%s" id="%s" >%s</textarea>', $type, $attr['name'], $attr['id'], $attr['value']);
65  				}
66  				break;
67  			case 'checkbox' :
68  				$html .= $this -> _checkbox($attr);
69  				break;
70  			default :
71  				{
72  					if(empty($attr['value'])){
73  						$attr['value'] = set_value(ICA_Input_SLUG.$attr['name']);
74  					}
75 $html .= sprintf('<input type="%s" name="%s" value="%s" id="%s" />', $type, ICA_Input_SLUG.$attr['name'], $attr['value'], $attr['id']);
76 } 77 break;
Threat level 2 (scanner rating). Caveat: the listed call stack does not appear to reach the flagged line. categories.php:23 calls `$Html->Input('checkbox', ...)`; assuming the switch is on `$type`, that request is handled by the `case 'checkbox'` branch (`$this->_checkbox($attr)`) and breaks before the `default` branch that contains line 75. Whether `$attr['value']` from `set_value()` is ever echoed unescaped therefore depends on other callers passing a type other than radio/textarea/checkbox, and on what `set_value()` returns — neither is shown here. Separately, line 64 has a real defect: the textarea `sprintf()` format has three `%s` placeholders but is given four arguments, so `$type` ends up in `name=`, `$attr['name']` in `id=`, `$attr['id']` (unescaped) in the element body, and `$attr['value']` is silently dropped.

Callstack (note: `esc_attr($_GET['cat_slug'])` at line 4 only escapes for HTML-attribute context; the value is then used as an array key into `$ica_categories_lang` and passed to `ica_cat_logo()` and `$this->getLang()`, and the resulting `$link` is echoed into an `href` at line 16 without `esc_url()`. If `$ica_categories_lang` can ever be populated from untrusted data, that `href` is the more direct injection point — verify its source):

@INLINE::/islamic-content-archive/views/categories.php /islamic-content-archive/views/categories.php:23
3  global $categories,$ica_categories_lang;
4  $category_slug = esc_attr($_GET['cat_slug']);
5  
6  $ica_lang = get_option(ICA_Input_SLUG.'language');
7  $link = $ica_categories_lang[$ica_lang][$category_slug]['url'];
8  $jsoncaturl = $ica_categories_lang[$ica_lang][$category_slug]['cat'];
9  $slug = $category_slug.'_'.$ica_lang;
10  $cat_options = $Html->categoryFromTransient($jsoncaturl,$slug);
11  ?>
12  <div class="category-head">
13  	<table width="100%">
14  		<tr>
15  			<td width="80px"><span class="category-logo"><?php echo ica_cat_logo($category_slug,array('width'=>'80px','class'=>$category_slug)) ?></span></td>
16  			<td><h1 class="category-title"><a target="_blank" href="<?php echo $link; ?>"><?php echo $this->getLang($category_slug); ?></a></h1></td>
17  		</tr>
18  	</table>
19  
20  </div>
21  <hr />
22  <?php
23 echo $Html->Input('checkbox',array('name'=>'category_'.$ica_lang.'_'.$category_slug.'[]','options'=>$cat_options));
24 ?>