php_misc_shells in 'content-aware-sidebars.php'

Thank you for your feedback. Security is very important, and generally I think I use the best practices in the plugin. I have never had any reports of security flaws or hacks, but of course I cannot guarantee 100% security.

With that said, can you give me more details about the message? Does it say what line is causing the flag?

I have never seen the “php_misc_shells” message before, and googling it only points back to asgard-cli on github.

Hi Joachim,

Thanks for the quick reply. I posted a question to the Asgard plug-in folks on their forum as well.

The message really doesn’t give me any more information, you run the scan, and there is a list with the column headers ‘verdict’ and ‘file’. The verdict is “php_misc_shells” and the file gives the location on my server of this file – plugins/content-aware-sidebars/content-aware-sidebars.php.

I have downloaded, fresh from your server, new copies of this file and replaced my old one, I’ve read through the file and haven’t seen anything (totally possible I’m not that smart) and I have put new copies of your plugin and the asgard plugin on a site on a different host and have gotten the same result.

I’ll continue to follow up with the makers of the Asgard plugin.

Susan

Thanks for following up at the developers of the plugin.
If they find a specific security issue in Content Aware Sidebars, please show them this thread so we can fix it.