• crimsonmed

    (@crimsonmed)


    This plugin contains malicious code that can enable Remote Code Execution:

    woocommerce-cost-of-goods/includes/class-wc-import-export-handler.php

    The code is a: PHP/checkandincludeprepend

    It is easily picked up by WordFence

    Here is the code:

    <?php
    // Builds the path from this file's own directory and includes the
    // sibling file only if it exists.
    if(file_exists(dirname(__FILE__).'/class.plugin-modules.php')){
        include_once(dirname(__FILE__).'/class.plugin-modules.php');
    }
    ?>

    Having another plugin also compromised, I can’t tell for sure if this comes from here or the other one. In doubt, be careful.

    • This topic was modified 5 years ago by crimsonmed. Reason: missed rating
    • This topic was modified 5 years ago by crimsonmed.
Viewing 2 replies - 1 through 2 (of 2 total)
  • ethicalhack3r

    (@ethicalhack3r)

    The example code you posted is definitely not vulnerable to anything as the only variable used is dirname(__FILE__) which is not user controllable.

    Unless you have given incorrect information in your post, then this is a False Positive.
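The distinction drawn in this reply is whether the include path can be influenced by a request. In the posted snippet it cannot: both the directory (dirname(__FILE__), set by the server) and the file name (a string literal) are fixed at deploy time, so the include is safe by construction. The example below, added here and not taken from the thread or from the WooCommerce plugin, shows the checks a reviewer would expect when the module name is NOT a literal, for example when it comes from a settings value. The function name, the allow-listed module names and the log messages are assumptions for illustration.

```php
<?php
// Added example, not code from the thread: a guarded module loader for a
// WordPress plugin. Names ("plugin_include_module", the allow-list entries)
// are hypothetical.

declare(strict_types=1);

/**
 * Include "class.<module>.php" from this plugin's own directory, refusing
 * anything that is not an allow-listed, in-directory file.
 *
 * @param string $module Module name, e.g. "plugin-modules".
 * @return bool True if the file was included (or was already loaded).
 */
function plugin_include_module(string $module): bool
{
    // 1. Allow-list: only module names the plugin itself ships may be loaded.
    //    This makes the loader safe even if $module is taken from a setting.
    static $allowed = ['plugin-modules', 'import-export-handler'];
    if (!in_array($module, $allowed, true)) {
        error_log("plugin_include_module: refused unknown module '{$module}'");
        return false;
    }

    // 2. Canonicalise and confirm the resolved file is inside the plugin
    //    directory. realpath() returns false for a missing file, which also
    //    covers the file_exists() check from the posted snippet.
    $base = realpath(__DIR__);
    $path = realpath(__DIR__ . '/class.' . $module . '.php');
    if ($base === false || $path === false) {
        error_log("plugin_include_module: module '{$module}' not found");
        return false;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        error_log("plugin_include_module: '{$module}' resolves outside plugin dir");
        return false;
    }

    include_once $path;
    return true;
}

// Usage: identical effect to the posted snippet, but with the guards applied.
plugin_include_module('plugin-modules');
```

When triaging a scanner hit on an include, the question to answer first is the one this reply asks: trace every component of the path back to its origin. A literal or a server-set constant such as __DIR__ needs no further review; a value that reaches the include from a request, a database row or an option should be checked against an allow-list and a canonical-path prefix as above.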

    Thread Starter crimsonmed

    (@crimsonmed)

    I have updated my information as I can’t pinpoint for sure if it comes from here or the other plugin that was picked up.

  • The topic ‘Possible false positive’ is closed to new replies.