Project: Wordpress Plugin Islamic Content Archive 2.0

Vulnerability: #7371210 (2018-01-13 00:06:11)

Warning

There are many false positives or unexploitable findings. Please build a working "PoC" exploit before reporting anything to the vendor!

Details:

Sink: PHP::echo
Risk: _GET
/islamic-content-archive/lib/app_helpers.php:36
16  	
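/**
 * Looks up a translated string by key.
 *
 * The table is $this->class_lang, which elsewhere in this class is
 * populated from fun_loadlang(). Callers interpolate the returned value
 * straight into echoed HTML, so the table must hold trusted content.
 *
 * @param string $key Message key in the language table.
 * @return mixed|null The table entry, or null when the key is absent.
 */
public function getLang($key = '')
{
    // Guard the lookup so an unknown key returns null without emitting an
    // "Undefined index"/"Undefined array key" notice; the returned value is
    // unchanged from the unguarded lookup.
    if (isset($this->class_lang[$key])) {
        return $this->class_lang[$key];
    }
    return null;
}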
21  	
/**
 * Renders a view file by including it once.
 *
 * Because include_once is used, a file that was already pulled in earlier
 * in the request produces no output on a second call. The only guard is an
 * existence check, which does not restrict where the path points; callers
 * are expected to pass a fixed, trusted path (callers are not visible here).
 *
 * @param string $mainViewFile Path to the view template.
 * @return void
 */
public function MainContent($mainViewFile) {
    if (!file_exists($mainViewFile)) {
        return;
    }
    include_once $mainViewFile;
}
28  	
29  	function ica_admin_tabs($current = 'language') {
30  		global $ica_categories_lang,$categories;
31  		if (!empty($_POST[ICA_Input_SLUG.'language'])) {
32  			$this->class_lang = fun_loadlang();
33  		}
34  		$cat_tab_list = $ica_categories_lang[get_option(ICA_Input_SLUG.'language')];
35  		if(isset($_GET['page'])){
36 $get_slug = strip_tags($_GET['page']);
37 }else{ 38 $get_slug = '';
Threat level 2

Callstack:

app_helpers::ica_admin_tabs /islamic-content-archive/lib/app_helpers.php:54
34  		$cat_tab_list = $ica_categories_lang[get_option(ICA_Input_SLUG.'language')];
35  		if(isset($_GET['page'])){
36  			$get_slug = strip_tags($_GET['page']);
37  		}else{
38  			$get_slug = '';
39  		}
40  
41  		if (!empty($_GET['tab'])) {
42  			$current = esc_attr($_GET['tab']);
43  		};
44  		$tabs = array('language' =>$this->getLang('tab-language'), 'options' => $this->getLang('tab-options'));
45  		echo '<div id="icon-themes" class="icon32"><br></div>';
46  		echo '<h2 class="nav-tab-wrapper">';
47  		foreach ($tabs as $tab => $name) {
48  			$class = ($tab == $current) ? ' nav-tab-active' : '';
49  			$logo = NULL;
50  			if($tab == 'language'){
51  				$flag = get_option(ICA_Input_SLUG.'language').'.png';
52  				$logo = sprintf('%s',ica_cat_flags($flag,array('width'=>'20')));
53  			}
54 echo "<a class='nav-tab$class' href='?page=" . $get_slug . "&tab=$tab'>$logo $name</a>";
55 } 56