Project: WordPress Plugin ZodiacPress 1.5.7

Vulnerability: #7524904 (2018-02-13 19:25:12)

Warning

There are many false positives and unexploitable vulnerabilities. Please create a working "PoC" exploit before reporting anything to the vendor!

Details:

Sink: Standard::unserialize
Risk: _GET
/zodiacpress/image.php:5
1  <?php // This file creates the ZodiaPress chart image
2  global $zpci_orbs;
3  
4  if ( isset( $_GET['zpl'] ) ) {
5      $longitudes_raw = unserialize( $_GET['zpl'] );
6      for ( $n = 0; $n <= 16; $n++ ) {
7          $longitudes[] = zpci_sanitize_data( $longitudes_raw[ $n ] );
Threat level: 2

Callstack:

@INLINE::/zodiacpress/image.php /zodiacpress/image.php:5