2 matches found
Server Side Request Forgery (SSRF)
zendesk/zendeskapiclientphp is vulnerable to server side request forgery SSRF. The vulnerability exists as it does not validate provided Zendesk subdomain to be a valid subdomain in the function getAuthUrl and getAccessToken, allowing an attacker to send arbitrary HTTP requests on behalf of the...
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain
Impact Lack of input validation of the Zendesk subdomain could expose users of the library to Server Side Request Forgery SSRF. Resolution Validate the provided Zendesk subdomain to be a valid subdomain in: getAuthUrl getAccessToken...