Finding entry points Branch analysis from position: 0 1 jumps found. (Code = 62) Position 1 = -2 filename: /in/XdsPJ function name: (null) number of ops: 39 compiled vars: !0 = $html, !1 = $doc, !2 = $xpath, !3 = $impact_node, !4 = $severity_node line #* E I O op fetch ext return operands ------------------------------------------------------------------------------------- 3 0 E > ASSIGN !0, '%3Cul%3E%0A%3Cli%3E%3Cstrong%3EProject%3A%3C%2Fstrong%3E+Joomla%21%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3ESubProject%3A%3C%2Fstrong%3E+CMS%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3EImpact%3A%3C%2Fstrong%3E+Low%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3ESeverity%3A%3C%2Fstrong%3E+%3Cspan+class%3D%22label+label-info%22%3ELow%3C%2Fspan%3E%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3EVersions%3A%3C%2Fstrong%3E+3.8.0+-+3.9.13%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3EExploit+type%3A%3C%2Fstrong%3E+Path+Disclosure%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3EReported+Date%3A%3C%2Fstrong%3E+2019-November-22%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3EFixed+Date%3A%3C%2Fstrong%3E+2019-December-17%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3ECVE+Number%3A%3C%2Fstrong%3E+%3Ca+href%3D%22https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-19845%22%3ECVE-2019-19845%3C%2Fa%3E%3C%2Fli%3E%0A%3C%2Ful%3E%0A%3Ch3%3EDescription%3C%2Fh3%3E%0A%3Cp%3EMissing+access+check+in+framework+files+could+lead+to+a+path+disclosure.%3C%2Fp%3E%0A%3Ch3%3EAffected+Installs%3C%2Fh3%3E%0A%3Cp%3EJoomla%21+CMS+versions+3.8.0+-+3.9.13%3C%2Fp%3E%0A%3Ch3%3ESolution%3C%2Fh3%3E%0A%3Cp%3EUpgrade+to+version+3.9.14%3C%2Fp%3E%0A%3Ch3%3EContact%3C%2Fh3%3E%0A%3Cp%3EThe+JSST+at+the+%3Ca+title%3D%22Contact+the+JSST%22+href%3D%22https%3A%2F%2Fdeveloper.joomla.org%2Fsecurity-centre.html%22%3EJoomla%21+Security+Centre%3C%2Fa%3E.%3C%2Fp%3E%0A%3Cdiv+class%3D%22alert+alert-info%22%3E%3Cstrong%3EReported+By%3A+%3C%2Fstrong%3ELee+Thao%2C+Viettel+Cyber+Security%3C%2Fdiv%3E%3Cdiv+class%3D%22feedflare%22%3E%0A%3Ca+href%3D%22https%3A%2F%2Ffeeds.joomla.org%2F%7Eff%2FJoomlaSecurityNews%3Fa%3D_fWsZ57Sw7g%3AuVTwWaDiNQ0%3AyIl2AUoC8zA%22%3E%3C%2Fa%3E%0A%3C%2Fdiv%3E' 26 1 NEW $6 'DOMDocument' 2 DO_FCALL 0 3 ASSIGN !1, $6 27 4 INIT_METHOD_CALL !1, 'loadHTML' 5 SEND_VAR_EX !0 6 DO_FCALL 0 28 7 NEW $10 'DOMXPath' 8 SEND_VAR_EX !1 9 DO_FCALL 0 10 ASSIGN !2, $10 29 11 INIT_METHOD_CALL !2, 'query' 12 SEND_VAL_EX '%2F%2Fli%5Bcontains%28string%28%29%2C+%22Impact%3A%22%29%5D' 13 DO_FCALL 0 $13 14 ASSIGN !3, $13 30 15 INIT_FCALL 'str_replace' 16 SEND_VAL 'Impact%3A+' 17 SEND_VAL '' 18 INIT_METHOD_CALL !3, 'item' 19 SEND_VAL_EX 0 20 DO_FCALL 0 $15 21 FETCH_OBJ_R ~16 $15, 'textContent' 22 SEND_VAL ~16 23 DO_ICALL $17 24 CONCAT ~18 'Impact%3A+', $17 25 ECHO ~18 31 26 ECHO '%0A' 32 27 INIT_METHOD_CALL !2, 'query' 28 SEND_VAL_EX '%2F%2Fli%5Bcontains%28string%28%29%2C+%22Severity%3A%22%29%5D%2Fspan%5Bcontains%28%40class%2C+%22label-info%22%29%5D' 29 DO_FCALL 0 $19 30 ASSIGN !4, $19 33 31 INIT_METHOD_CALL !4, 'item' 32 SEND_VAL_EX 0 33 DO_FCALL 0 $21 34 FETCH_OBJ_R ~22 $21, 'textContent' 35 CONCAT ~23 'Severity%3A+', ~22 36 CONCAT ~24 ~23, '%0A' 37 ECHO ~24 38 > RETURN 1
Generated using Vulcan Logic Dumper, using php 8.0.0