Project: WordPress Plugin Search Engine 0.5.9

Vulnerability: #7989854 (2018-04-16 16:09:10)

Warning

This list contains many false positives and vulnerabilities that are not exploitable. Please create a working "PoC" exploit before reporting anything to the vendor!

Details:

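Sink PHP::echo
Risk _SERVER
Note: the tainted source is $_SERVER['REQUEST_URI'], which is controlled by the request. In the excerpt below, line 1222 echoes it into the form's action attribute with no output escaping, and line 1242 copies it into $request_uri, which the pagination links in the callstack excerpt (lines 1301-1309) echo into href attributes. The statements after line 1244 that process $request_uri are not shown, so whether the value is escaped before it reaches those links cannot be confirmed from this page. The usual remedy in a WordPress plugin is to pass the value through esc_url() wherever it is written into a URL attribute.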
/search-engine/search-engine.php:1242
1222  <form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="get">
1223      <input name="<?php echo (!wp_style_is('search-engine')?'q':'s'); ?>" type="text" size="41" class="search_engine_Box" value="<?php echo htmlentities($query,ENT_COMPAT,get_bloginfo('charset')); ?>" />
1224      <input type="submit" value="Search" class="search_engine_Button" /><?php if(defined('SEARCH_ENGINE_ADVANCED_URL')){ ?><br /><br /><?php if(defined('SEARCH_ENGINE_ADVANCED_HTML')){ echo SEARCH_ENGINE_ADVANCED_HTML; }else{ ?>
1225          <a href="<?php echo SEARCH_ENGINE_ADVANCED_URL; ?>" class="search_engine_Advanced"><?php if(defined('SEARCH_ENGINE_ADVANCED_TEXT')){ echo SEARCH_ENGINE_ADVANCED_TEXT; }else{ ?>Go to Advanced Search<?php } ?></a><?php }} ?>
1226  </form>
1227  <?php
1228          }
1229  
1230          if(0<strlen($query))
1231          {
1232              if ( 1 == $result_infobar ) {
1233  ?>
1234  <div class="search_engine_InfoBar">
1235  <?php
1236              }
1237              if ( $search->total_results < count( $results ) && 0 < count( $results ) )
1238                  $search->total_results = count( $results );
1239              $search->total_pages = ceil($search->total_results / $search->results_per_page);
1240              $search->begin = ($search->results_per_page*$search->page)-($search->results_per_page-1);
1241              $search->end = ($search->total_pages==$search->page?$search->total_results:($search->results_per_page*$search->page));
1242 $request_uri = $_SERVER['REQUEST_URI'];
1243 $explode = explode('?',$request_uri); 1244 $explode = @end($explode);
Threat level 0

Callstack:

@FUNCTION::search_engine_content /search-engine/search-engine.php:1309
1289          <li>Try more general keywords.</li>
1290      </ul>
1291  <?php
1292              }
1293              if(1<$search->total_pages && 1 == $pagination)
1294              {
1295  ?>
1296  <div class="search_engine_Pagination">
1297  <?php
1298                  if (1 < $search->page)
1299                  {
1300  ?>
1301              <a href="<?php echo $request_uri; ?>pg=<?php echo $search->page-1; ?>" class="prev page-numbers search_engine_PrevLink">Prev</a>
1302              <a href="<?php echo $request_uri; ?>pg=1" class="page page-numbers">1</a>
1303  <?php
1304                  }
1305                  if (1 < ($search->page - 100))
1306                  {
1307  ?>
1308              <span class="gap">...</span>
1309 <a href="<?php echo $request_uri; ?>pg=<?php echo ($search->page - 100); ?>" class="page page-numbers"><?php echo ($search->page - 100); ?></a>
1310 <span class="gap">...</span> 1311 <?php