Project: WordPress Plugin Search Engine 0.5.9

Vulnerability: #7989861 (2018-04-16 16:09:10)

Warning

Many of these findings are false positives or describe vulnerabilities that cannot be exploited. Please create a working "PoC" exploit before reporting anything to the vendor!

Details:

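Sink: PHP::echo (the value is written into the HTML response)
Risk: _SERVER (request-derived input). In the excerpt below, $_SERVER['REQUEST_URI'] is echoed into the form's action attribute on line 1222 with no output escaping, unlike $query on line 1223, which is passed through htmlentities(). The same value is copied to $request_uri on line 1242 and echoed into the pagination href attributes shown in the callstack excerpt; lines 1245–1340 are not shown, so confirm whether the variable is escaped or rebuilt there before treating those echoes as unescaped. In a WordPress plugin the usual fix is to escape at the point of output, e.g. esc_url() for a URL placed in an action or href attribute.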
/search-engine/search-engine.php:1242
1222  <form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="get">
1223      <input name="<?php echo (!wp_style_is('search-engine')?'q':'s'); ?>" type="text" size="41" class="search_engine_Box" value="<?php echo htmlentities($query,ENT_COMPAT,get_bloginfo('charset')); ?>" />
1224      <input type="submit" value="Search" class="search_engine_Button" /><?php if(defined('SEARCH_ENGINE_ADVANCED_URL')){ ?><br /><br /><?php if(defined('SEARCH_ENGINE_ADVANCED_HTML')){ echo SEARCH_ENGINE_ADVANCED_HTML; }else{ ?>
1225          <a href="<?php echo SEARCH_ENGINE_ADVANCED_URL; ?>" class="search_engine_Advanced"><?php if(defined('SEARCH_ENGINE_ADVANCED_TEXT')){ echo SEARCH_ENGINE_ADVANCED_TEXT; }else{ ?>Go to Advanced Search<?php } ?></a><?php }} ?>
1226  </form>
1227  <?php
1228          }
1229  
1230          if(0<strlen($query))
1231          {
1232              if ( 1 == $result_infobar ) {
1233  ?>
1234  <div class="search_engine_InfoBar">
1235  <?php
1236              }
1237              if ( $search->total_results < count( $results ) && 0 < count( $results ) )
1238                  $search->total_results = count( $results );
1239              $search->total_pages = ceil($search->total_results / $search->results_per_page);
1240              $search->begin = ($search->results_per_page*$search->page)-($search->results_per_page-1);
1241              $search->end = ($search->total_pages==$search->page?$search->total_results:($search->results_per_page*$search->page));
1242 $request_uri = $_SERVER['REQUEST_URI'];
1243 $explode = explode('?',$request_uri); 1244 $explode = @end($explode);
Threat level 0

Callstack:

@FUNCTION::search_engine_content /search-engine/search-engine.php:1361
1341                  }
1342                  if ($search->total_pages > ($search->page + 10))
1343                  {
1344  ?>
1345              <span class="gap">...</span>
1346              <a href="<?php echo $request_uri; ?>pg=<?php echo ($search->page + 10); ?>" class="page page-numbers"><?php echo ($search->page + 10); ?></a>
1347              <span class="gap">...</span>
1348  <?php
1349                  }
1350                  if ($search->total_pages > ($search->page + 100))
1351                  {
1352  ?>
1353              <span class="gap">...</span>
1354              <a href="<?php echo $request_uri; ?>pg=<?php echo ($search->page + 100); ?>" class="page page-numbers"><?php echo ($search->page + 100); ?></a>
1355              <span class="gap">...</span>
1356  <?php
1357                  }
1358                  if ($search->page < $search->total_pages)
1359                  {
1360  ?>
1361 <a href="<?php echo $request_uri; ?>pg=<?php echo $search->total_pages; ?>" class="page page-numbers"><?php echo $search->total_pages; ?></a>
1362 <a href="<?php echo $request_uri; ?>pg=<?php echo $search->page+1; ?>" class="next page-numbers search_engine_NextLink">Next</a> 1363 <?php